
White Hat Hackers Expose Security Flaws In Iridium Satellite Communications
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor
German white hat hackers have recently demonstrated significant security vulnerabilities in Iridium satellite communications, potentially compromising the privacy of users, including U.S. Department of Defense (DoD) employees, as first reported by Spectrum.
In a Rush? Here are the Quick Facts!
- German hackers intercepted Iridium communications, revealing vulnerabilities in satellite systems.
- Hackers pinpointed DoD users’ locations with 4 km accuracy using basic equipment.
- Iridium’s legacy satellite devices still use an outdated, unencrypted radio protocol.
The hackers revealed how they were able to intercept text messages and pinpoint user locations with remarkable accuracy, raising concerns about the system’s integrity.
Spectrum reports that during a presentation at the Chaos Communication Congress in Hamburg in late December, hackers Sec and Schneider showcased their findings.
They revealed that despite Iridium’s reliance on a secure gateway to route and encrypt traffic for the DoD, their eavesdropping equipment was able to pinpoint the location of DoD users with an accuracy of approximately 4 kilometers.
They utilized a home-assembled kit consisting of an Iridium antenna, a software-defined radio receiver, and a basic computer such as a Raspberry Pi.
“We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec explained, as reported by Spectrum. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
The Iridium satellite constellation, launched in the late 1990s, was the first to offer global satellite communication services. Although the company has upgraded its systems with more secure satellites, many of its older devices still operate on the legacy radio protocol, which lacks encryption, says Spectrum.
According to analyst Christian von der Ropp, this outdated system leaves users vulnerable. “The regular satellite phones that they sell still operate under the old legacy protocol,” von der Ropp said, as reported by Spectrum.
“If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
The hackers also demonstrated the ease of intercepting communications. They revealed a text message exchanged between two employees of the German Foreign Office, showing how low-cost, readily available equipment can intercept Iridium signals across vast areas.
“With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications,” von der Ropp said, as reported by Spectrum.
Despite these vulnerabilities, Iridium remains a key player in satellite communications, having secured a $94 million contract with the U.S. Space Force last year. However, the DoD is reportedly seeking alternatives, such as Starlink, due to concerns over Iridium’s security risks, as noted by Spectrum.

Growing Link Between Cybercriminals And State Hackers Raises Security Concerns
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Most cyberattacks today are financially motivated, with criminals using ransomware and scams.
- Hospitals are increasingly targeted, with data leaks doubling in the past three years.
- Russia, Iran, China, and North Korea use cybercrime to support espionage and financial goals.
The trend is particularly evident in the growing use of cybercrime tactics by state-backed hackers to conceal espionage activities and fund operations.
Google-owned cybersecurity firm Mandiant highlighted this development on Tuesday, noting that financially motivated cybercrime now dominates online threats, accounting for most of the malicious activity detected by security teams.
In 2024, Mandiant responded to nearly four times more financially motivated cyber intrusions than those linked to nation-states. However, researchers warn that while cybercrime often receives less attention from national security experts, its impact can be just as severe as espionage-related attacks.
“A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care,” Mandiant researchers wrote.
This concern is especially relevant as cybercriminals increasingly target healthcare institutions, with data leak incidents in the sector doubling over the past three years.
Beyond direct threats, cybercriminal groups are also enabling state-backed hacking efforts. Nation-states are increasingly purchasing cyber capabilities from these groups or co-opting them for espionage and disruptive operations.
Russia, for instance, has relied on cybercriminal expertise in its cyber warfare against Ukraine. The Russian military intelligence unit APT44, also known as Sandworm, has reportedly used malware from cybercrime networks to conduct cyberattacks.
Similarly, RomCom, a group historically focused on financial cybercrime, has been involved in espionage operations against the Ukrainian government since 2022, as reported by the researchers.
This pattern extends beyond Russia. Iranian hacking groups deploy ransomware for financial gain while simultaneously conducting espionage. Chinese espionage groups often engage in cybercrime to supplement their income.
Mandiant emphasized that alongside law enforcement efforts, systemic solutions such as bolstering cybersecurity education and resilience are necessary to curb the growing cybercrime ecosystem.
As cybercrime and espionage continue to converge, experts warn that the threat landscape will become even more complex, demanding stronger global coordination to combat both financially and politically driven cyber threats.