[MrBuddyCasino]

> Later in the presentation he shows some interesting examples such as an intercepted Iridium satellte phone call to a C-37 aircraft.

So Iridium has been cracked, and no reactions so far? Am I missing something? This sounds like a Big Deal.

[noselasd]

No. As with other satellite phones, security/encryption is an additional feature that you buy. For everyone else, there's no security/encryption - you just need to implement the system and protocols to tap into it - which is what has been done here. (And for the parts that have encryption, it's the data that's encrypted, while metadata (e.g. call setup) is still plain text)

[manarth]

Here's a transcript of the intercepted call that they played:

> You have reached the 310 airlift squadron C-37 aircraft, tail number 0028.

> To call the CSL press 1.

> To call secure telephone number one, press 2.

> To call secure telephone number two, press <missing>

> Satcom direct Inmarsat connection in progress, please hold while we attempt to connect your call.

> The approximate global connect time is <missing>

> <ringing>

I suppose that selecting to connect to the secure phones could trigger an encryption layer on top of the call.

[MrBuddyCasino]

That puts it into perspective, thanks. Interesting that unprotected metadata is something that the US army is willing to accept.

[rsync]

Also ... correct me if I misremember ... but I think it is the case that with Iridium - encryption or no encryption - Eve can discern your physical location and get GPS coordinates for you.

Am I remembering that correctly ? I believe that got some journalists killed in Syria a few years ago ...

[fisherjeff]

They mention in the talk that the satellite will periodically downlink both its location as well as where it thinks the particular spot beam you're using hits the earth.

So while at the very least I'm not sure you'd get GPS-quality data, if you monitored that data for awhile I'd think you could eventually get "good enough" accuracy.

[netsharc]

I've also read about the Syrian bombs targeting Iridium users. Maybe they used triangulation to locate the source of the signal that was being broadcast from earth. Does/did the Syrian govt have that tech? Would they need satellites, or would helicopters be enough? And which government/supplier did they buy it from?

[ris]

You can probably deduce quite a lot position-wise by observing the doppler shifts and doppler shift corrections.

[pjc50]

I remember hearing that as well, although I can't find a citation.

[exabrial]

Whats the timestamp in the youtube video for that

[kejaed]

It sort of like how US drones used to broadcast video unencrypted. They didn't bother since they thought the barrier to entry for seeing the feed was too high, until it wasn't.

https://www.wired.com/2012/10/hack-proof-drone/

[digi_owl]

Nobody seems to have learned a thing since the phreakers poked and prodded the phone network...

[rasz_pl]

same story with israeli drones https://theintercept.com/2016/01/28/israeli-drone-feeds-hack...

[revelation]

There was nothing to crack, the only security is in the availability of easy-to-use receivers. Assume that any intelligence agency in the world has an archive of Iridium transmissions going many years back.

[digi_owl]

Was there not some talk about how Taliban or some such used open sat coms, and still "we" were unable to find them?