Decoding Data from Iridium Satellites
rtl-sdr.com> Later in the presentation he shows some interesting examples such as an intercepted Iridium satellite phone call to a C-37 aircraft.
So Iridium has been cracked, and no reactions so far? Am I missing something? This sounds like a Big Deal.
No. As with other satellite phones, security/encryption is an additional feature that you buy. For everyone else, there's no security/encryption - you just need to implement the system and protocols to tap into it - which is what has been done here. (And for the parts that have encryption, it's the data that's encrypted, while metadata (e.g. call setup) is still plain text)
Here's a transcript of the intercepted call that they played:
> You have reached the 310 airlift squadron C-37 aircraft, tail number 0028.
> To call the CSL press 1.
> To call secure telephone number one, press 2.
> To call secure telephone number two, press <missing>
> Satcom direct Inmarsat connection in progress, please hold while we attempt to connect your call.
> The approximate global connect time is <missing>
> <ringing>
I suppose that selecting to connect to the secure phones could trigger an encryption layer on top of the call.
That puts it into perspective, thanks. Interesting that unprotected metadata is something that the US army is willing to accept.
Also ... correct me if I misremember ... but I think it is the case that with Iridium - encryption or no encryption - Eve can discern your physical location and get GPS coordinates for you.
Am I remembering that correctly ? I believe that got some journalists killed in Syria a few years ago ...
They mention in the talk that the satellite will periodically downlink both its location as well as where it thinks the particular spot beam you're using hits the earth.
So while at the very least I'm not sure you'd get GPS-quality data, if you monitored that data for a while I'd think you could eventually get "good enough" accuracy.
I've also read about the Syrian bombs targeting Iridium users. Maybe they used triangulation to locate the source of the signal that was being broadcast from earth. Does/did the Syrian govt have that tech? Would they need satellites, or would helicopters be enough? And which government/supplier did they buy it from?
You can probably deduce quite a lot position-wise by observing the doppler shifts and doppler shift corrections.
I remember hearing that as well, although I can't find a citation.
What's the timestamp in the YouTube video for that?
It's sort of like how US drones used to broadcast video unencrypted. They didn't bother since they thought the barrier to entry for seeing the feed was too high, until it wasn't.
Nobody seems to have learned a thing since the phreakers poked and prodded the phone network...
Same story with Israeli drones https://theintercept.com/2016/01/28/israeli-drone-feeds-hack...
There was nothing to crack, the only security is in the availability of easy-to-use receivers. Assume that any intelligence agency in the world has an archive of Iridium transmissions going many years back.
Was there not some talk about how Taliban or some such used open sat coms, and still "we" were unable to find them?
Direct link to the talk - https://www.youtube.com/watch?v=cvKaC4pNvck
CCC Munchen wiki pages on Iridium: https://wiki.muc.ccc.de/iridium:start
GitHub for the Iridium decoder software: https://github.com/muccc/gr-iridium
Thanks for the direct link. rtl-sdr.com seems to be having some issues at the moment.
It's not surprising considering the age of Iridium. Also I believe they don't make a lot of money, so any development (also security related) is pretty much ceased.
They've already produced, and will soon start launching, Iridium NEXT [1] satellites; moreover, they've developed a whole platform called Iridium Prime [2].
[1] https://www.iridium.com/network/iridiumnext
[2] https://www.iridium.com/company/industryleadership/iridiumpr...
It would be pretty nice if they partnered up with someone like Verizon and offered service in places where there is no regular 2G/3G service, your phone would need to have a chip for it I suppose.
The Iridium phones are pretty big--think landline cordless phone handset--and often have an extensible antenna. Given the mania for thinner and thinner phones, this probably isn't going to fly.
The network access is also expensive--think $50+ per month, with a handful (literally, like...10) of text messages and voice minutes included, with ~$1 per extra minute/message. If you live and work in somewhere with a modicum of infrastructure, this also probably isn't worth it.
(FWIW: I think part of their initial pitch was to Important Executives who need to be in touch with the office 24/7, but that seems to have fallen by the wayside and it's increasingly targeted at people going/living/working in remote areas).
Sat phones are quite common where I live in Montana (you only have to drive 10 miles out of town to lose cell reception). The geosynchronous Inmarsat service is typically better/cheaper than Iridium today. I pay around $35/mo for more call time and SMS than I need to use. The phones are reasonably small but very old-school (like a 2000-vintage GSM handset). Because it uses satellites over the equator you need a southern aspect to connect. Folks rock climbing up north-facing cliffs or sailing north of 70 degrees need Iridium :)
Interesting! We looked at Inmarsat and Globalstar when we were in Alaska, but we were at the very edge of their coverage area and it didn't seem worth it to have a potentially-flakey phone for emergencies.
I gather it's gotten a lot better since then, though.
I seem to recall that, during the initial deployment in the '90s, I read about China requesting that some parts of its territory be excluded from coverage. But I cannot find any links to that, and the coverage map doesn't seem to have any holes now.
I know that you have to register your phone specially to use it in Russia, but I have no idea if that actually affects reachability.
I know Iridium is illegal in Cuba, but works just fine there.
I don't recall any restriction in China, currently.
Iridium is basically only still in business because of US armed forces (and maybe diplomatic services? though not sure how much field work they do..) operational dependencies. Editorial retraction, mea culpa: Wrong about the TACSAT statement here. See parent below for the http://www.airspacemag.com/space/the-rise-and-fall-and-rise-... Post chapter-11 (2000), investors got the whole Iridium infrastructure at sub-pennies on the dollar. (Literally. They got it for the price of the _single launch_ (i.e., not including materials, R&D, labor, etc) of their multitude (60ish) of sub-orbitals.).
Which I'm sure they're selling at absurd prices thanks to Sept 11.
Editorial retraction, mea culpa, #2 [conflated the hell out of ARSOF, again, see below. The economic analysis + usage of Iridium still holds.] C-37 is USAF aircraft - this dude seriously compromised his personal security by making this talk [and implicitly, his identity] public. He's going to have the pleasure of having SSSS scribbled onto every airline ticket he purchases from now on, I'd wager.
Iridium was such a brilliant buy. ROI at must be absolute insanity.
@Dasmoth - 64 billion dollars in grey-money was allocated for "Overseas Contingency Operations" by the Omnibus bill last December. I'm sure SAIC/Northrop/whoever gets the contract to 'fix this hole' is going to be enjoying the 800 million they secure from the Pentagon to basically modify transmissions/upgrade the firmware of the phones to use Diffie-Hellman handshakes and AES haha.
INMARSAT is a different system entirely. Iridium uses a relatively massive constellation (77 birds, plus or minus) of Low Earth Orbit (LEO) satellites. Inmarsat runs a handful of Geosynchronous (GEO) satellites.
Iridium has some advantages. It has coverage at the poles, where GEO sats typically do not. The mobile units can be small(ish) and handheld. But it also has some significant limitations. Datarates are in the 2400bps range. Latency goes all over the place due to the way the calls get routed through the constellation. Dropped calls are common.
Inmarsat operates a service called BGAN (Broadband Global Area Network), which depending on your hardware delivers speeds in the 128kbps to 512kbps range. The latency is always bad (GEO is a long way away), but more consistent. The terminals are big bulky affairs that range in size from a briefcase up to a mini-fridge. You can't hang one on your belt like you can with an Iridium phone, and some require you to set the antenna up and point it at the satellite manually.
While it is true that the Iridium company bought the system for a song, it's also true that they bought a massively expensive maintenance liability. You can't just ignore a satellite and expect it to keep working, they require operators on the ground to regularly monitor each and every bird to ensure that it doesn't drift off orbit and to handle conditions that arise. They also have to launch replacement satellites regularly as the old ones start to fail. Plus they're building out a whole new system. The ROI is no doubt positive (they've been doing this for years now), but maybe not as much as you might expect. Iridium's biggest problem was its tiny userbase.
Motorola's whole business model with the original Iridium was pretty insane. They saw the relatively sparse deployment of cell towers back in the AMP era as something that was going to last. The only way to fix it was satellite communications, but the phones needed to be small enough to be used like cell phones (admittedly, compared to a 1980s cell phone they really weren't too bulky), which means low power which means LEO, which means you need a ton of satellites to cover the globe. By the time they finally got them all launched cell towers were everywhere and people (especially businessmen) realized that they liked using them indoors (which Iridium was terrible at) and paying only pennies per minute (instead of dollars per minute). The target audience was small, and many of those people couldn't afford the system at all.
> Motorola's whole business model with the original Iridium was pretty insane.
Agreed, their original use case made some assumptions that have proven false. It's too bad Motorola sold off Iridium (and for that matter Motorola Mobility) because now with Project Ara we're finally to the point of single device satellite and terrestrial convergence. I.E. You could presumably purchase or rent an Iridium expansion for your handset much like you can rent Iridium handsets today.
Didn't Google massively scale back Ara recently?
> Iridium has some advantages. It has coverage at the poles, where GEO sats typically do not. The mobile units can be small(ish) and handheld. But it also has some significant limitations. Datarates are in the 2400bps range. Latency goes all over the place due to the way the calls get routed through the constellation. Dropped calls are common.
I seem to recall the South Pole base uses multiple Iridium phones in an aggregation setup as a backup data channel.
One of the common solutions bonds together a bunch of channels to get you a nominally 128kbps datalink. You will pay through the nose if you use any significant portion of that bandwidth however (prices start at $13/mb, but can be brought down to as little as $1.27/mb if you purchase a full gigabyte up front each month).
http://www.satphonestore.com/tech-browsing/iridium-nav/iridi...
Note that this solution also removes one of the nominal advantages of Iridium. You can't hang it from your belt, the antenna weighs 11kg and is the size of a large punchbowl. It also requires a separate rack mounted modem.
How much would your browsing habits change if loading an average webpage[1] cost you $31.80?
All TACSAT coms are done via single-channel Iridium networks at UHF.
Huh? Military UHF TACSAT communications are single channel UHF networks via geostationary satellites. But the military also makes extensive use of Iridium and INMARSAT networks to fill in gaps of bandwidth/availability coverage.
SATCOM / INMARSAT is heavily based on Iridium
Huh? No. Iridium is cross-linked Low-Earth Orbit (LEO) architecture. UHF Military TACSAT is geostationary dedicated transponders for the military - and those satellites also carry EHF/SHF payloads as well. INMARSAT is also Geostationary in the L and C band areas.
Well, the dude is German, so he isn't in US jurisdiction so he's probably less concerned about it. Still jeopardizing his personal security for sure, and probably going to make it difficult to travel internationally.
SSSS is meaningless, never heard of anyone that had meaningful issues as a result of having this flag.
What is SSSS? See the Wikipedia page:
https://en.m.wikipedia.org/wiki/Secondary_Security_Screening...
Here is an anecdote for you. I was once held up at gunpoint on a business trip and my wallet was taken (gotta love Orlando, FL).
I went to the airport 3 hours early with no identification and told them the situation. They still printed my boarding pass and put SSSS on it. I went to the huge long line and I went around it entirely and went into the secondary screening room. They did a full patdown and entirely emptied my carry-on. It was no big deal and was done in 20 minutes, less time than I'd have stood in line. After that I boarded the plane and went home.
I've sometimes contemplated putting SSSS on my boarding pass with a red sharpie when there is a very long line just to get around it entirely.
Thank you, this is exactly the same experience I've heard from others.
Anyone that I'm aware has had issues, knew they were permanently on the SSSS list, knew what would happen, ignored it, and had minor issues; in case it's not clear to others, you got a one-time SSSS for not having an ID.
Clearly, given anyone might have issue and I've seen it happen, ("I swear, I was joking, I will never say that again; [as passenger walks away with law enforcement].")
At any rate, while I agree neither with the SSSS or for that matter, it's been shown that TSA offers no real protection via their own audits - an SSSS flag has no meaningful impact to my knowledge.
I was just thinking about how aggravating it must be from the POV of someone who used to fly a lot. If I was still flying twice a week consulting I'd be livid. If I was perma-SSSS'd. I'm sure he's under far more vigilant security scrutinization--I mean even pre-9/11 DEFCON had 'spot the fed' games as a lark because they were so obvious.
Most of the major conferences I'm sure have attendees listed (not a new practice - post-McCarthy's 'red scare' made it acceptable for both federal/local LEO to monitor protestors - but I'm sure it's way easier now and this dude basically painted a target on his body.)
Have you ever flown with an SSSS, if so, how did it cause any issues? If not, at best your response is speculative.
My experience is that those with SSSS get through TSA screening faster and given they expect the search, don't have anything worth searching.
Clearly if you have an SSSS and create problems or provide surface for friction, then sure it's a pain, but then again, with or without an SSSS there's the potential you'll still have issues.
I have (and upvoted your previous comments) see my anecdote in your previous comment.
They make enough money that they've been able to fund the construction of a new generation of satellites. The first batch is due to launch next month.
There is an active market for Iridium phone rentals for hiking/backpacking purposes, so they do get active use by civilians. Additionally in places like Alaska many people who live in remote areas have an Iridium phone, as there is no cell coverage.
Can anyone share articles about how these satellites are _managed_ remotely by their administrators, and the security around those connections?
I know newer entrants like Planet Labs run normal Linux on their satellites, and I assume use a normal SSH connection. What do the older platforms use? How do they move the key material around to the different ground stations?
I'm really hoping that the specific name of the software package comes to mind. There's a super old ground terminal command & data handling (C&DH) package that is very very common. It runs on Linux, and has a UI that looks like it's written using Motif.
I haven't worked in the space industry for almost 10 years now, but that was everywhere when I was there. And I'm hoping that the name will come to mind over the next few hours and I can edit this post :)
Edit: Success! ITOS: http://itos.gsfc.nasa.gov/index.php
this is so weird; http://john.je/hKnG
At least those guys know it's not encrypted.
drug dealers or outsourced cia rendition/black ops
The doppler shift described at ~14:45 was a really interesting component of Iridium that I recall when I learned about it many years ago.
These guys are great, this was an enjoyable presentation.
The doppler shift also supposedly provided a clue about the whereabouts of MH370 after it disappeared: https://theaviationist.com/2014/03/27/inmarsat-helps-finding...
To be fair, that wasn't Iridium, that was INMARSAT. Completely different company with a very different satellite system.
That XML they found in the SDB channel seems like it has to do with EU and fisheries. I guess it could be catch reports from trawlers.
And the FTP upload seems to be for the Air Force Weather Agency.
Also, a Mandrake 9.2 install doing a PPP dialup via iridium voice?! The world is indeed stranger than fiction.