Systematic Security Analysis of the Iridium Satellite Radio Link

TL;DR

This paper presents the first comprehensive security analysis of the Iridium satellite communication system, revealing critical vulnerabilities such as key extraction, unencrypted data, and susceptibility to spoofing and jamming attacks, which threaten its security and privacy.

Contribution

It systematically evaluates Iridium's security, reverse engineers its authentication, and demonstrates practical attacks, highlighting systemic vulnerabilities and the need for improved security measures.

Findings

Secret keys can be extracted from SIM cards enabling impersonation.

Most communication protocols lack encryption, exposing sensitive data.

Adversaries can perform spoofing and jamming with modest equipment.

Abstract

The Iridium Low Earth Orbit (LEO) satellite constellation remains a unique provider of global communications for critical industries, governments, and private users, serving over 2.5 million active subscribers despite recent market competition. In contrast to terrestrial wireless standards such as 3GPP, Iridium protocol specifications are proprietary and have not undergone rigorous, public, and systematic security evaluation. In this work, we present the first comprehensive security analysis of Iridium authentication and radio link protocols. We reverse engineer Iridium SIM-based authentication mechanism and demonstrate that the secret key can be extracted from the SIM card, enabling full device cloning and impersonation attacks. Leveraging a month-long dataset of Iridium up- and downlink satellite traffic, we further show that nearly all signaling and radio communication protocols currently in use lack encryption, resulting in the exposure of sensitive information in cleartext over the air such as login credentials and large volumes of personal data. Finally, we develop custom software-defined radio (SDR) tools to carry out spoofing and jamming attacks, revealing that modestly equipped adversaries can inject falsified messages or disrupt the Iridium service locally due to the absence of source authentication. Our findings uncover systemic vulnerabilities in the Iridium radio link and highlight the urgent need for users of critical applications to transition to more secure communication radio links.