Indeed. Yet here on ground SS7 remains vulnerable and exploitable too?

On Thu, Mar 13, 2025 at 10:17 PM Robert McMahon wrote:

> yeah, our space walks to fix outdated satellites isn't easily doable nor cost efficient.
>
> The parts need to be pluggable, similar to light bulbs. If they need replacement, just swap them out for the improved version. Or if you get a flat, buy a new tire (and don't send that car into space in the first place.)
>
> This approach works well inside buildings.
>
> The fiber cables, plastic holders, and antennas themselves are the only fixed, long lived parts. Fiber is actually better than copper w/respect to security.
>
> China is doing this already and we're way behind.
>
> Bob
>
> On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD wrote:
> >
> > Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
> >
> > https://spectrum.ieee.org/iridium-satellite
> >
> > White Hat Hackers Expose Iridium Satellite Security Flaws
> >
> > Users' locations and texts can be intercepted, including DoD employees
> >
> > In a recent demonstration, German white hat hackers showed how to intercept text messages sent via the U.S. satellite communication system Iridium and locate users with an accuracy of about 4 kilometers.
> >
> > The two hackers, known publicly only under the nicknames Sec and Schneider, made the revelations during a presentation at the Chaos Communication Congress in late December in Hamburg, Germany. During the talk, they highlighted severe vulnerabilities in services that tens of thousands of users from the U.S. Department of Defense rely on.
> >
> > Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway.
> > That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.
> >
> > “We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”
> >
> > Iridium’s Legacy Components Still Cause Problems
> >
> > The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites dispersed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.
> >
> > “Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”
> >
> > In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network.
> > Our commercial partners have been doing the same for decades, when and where the markets request it.”
> >
> > Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.
> >
> > “The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”
> >
> > Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.
> >
> > Hackers Reveal Vulnerabilities in Iridium’s Systems
> >
> > While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.
> >
> > “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.
> >
> > Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich.
> > Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.
> >
> > “With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”
> >
> > The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.
> >
> > Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.
> >
> > Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.
> >
> > This story was updated on 14 February 2025 to add a statement from Iridium.
> >
> > On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >>
> >> My opinions:
> >>
> >> There should be no more linux kernels in the customer premise with Fi-Wi. 30M lines of code and 11,000 config options is a form of sw bloat that's impossible to secure. Particularly since most no one is getting paid for this work.
> >>
> >> Reducing the radio head/client (STA) density to near 1/1 and shrinking the cell size will minimize the media access latency. Packet latency can use non queue building techniques so there will be no substantial packet queueing delays. All delay will be distance and speed of photons related per physics & spacetime.
> >>
> >> Our issue isn't regulators - it's that white collar workers and our leadership haven't engaged the blue collar workers, and we haven't kept advancing our engineering. We need to teach fiber installer businesses how to build these Fi-Wi networks so that our kids get life support and productivity capable networks that can be depended upon.
> >>
> >> And everyone that adds value needs to be paid somehow. Best done through markets. Fi-Wi creates high paying jobs in the trades for in premise fiber installers.
> >>
> >> I think we lack vision and leadership, followed by execution. It's not a cult thing like Musk's failed prophecies - it's the real deal that impacts our lives. Low latency will become ubiquitous if we act to our abilities. Waiting on regulators is like Waiting for Godot.
> >>
> >> Bob
> >>
> >> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik wrote:
> >> >
> >> > Hey Bob,
> >> >
> >> > I don't think that improving latency is about mandating of a specific algorithm - it's about an improvement to broadband definition.
> >> > Broadband that serves the needs of us all today goes beyond 100/20, it should include a low latency, low consistent jitter.
> >> > Now, what are the right numbers, that's another discussion. But it's a discussion we need to have.
> >> > I would certainly let the market decide on the tools/algorithms that will achieve those numbers - be it a Quality of Experience middle box (like LibreQoS, Preseem, Bequant/Cambium Networks QoE, Paraqum or Sandvine), L4S etc.
> >> >
> >> > As for the other issues that need some love - for example, making vendors update the kernel and provide updates to routers they sold, that's a good thing.
> >> >
> >> > All the best,
> >> >
> >> > Frank
> >> >
> >> > Frantisek (Frank) Borsik
> >> >
> >> > https://www.linkedin.com/in/frantisekborsik
> >> >
> >> > Signal, Telegram, WhatsApp: +421919416714
> >> >
> >> > iMessage, mobile: +420775230885
> >> >
> >> > Skype: casioa5302ca
> >> >
> >> > frantisek.borsik@gmail.com
> >> >
> >> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >> >>
> >> >> >
> >> >> > As for "what the FCC can do", "dissolve itself" comes to mind. AFAIK, it's been over a decade since they have done anything helpful or useful for any American citizen who isn't the head of a major corporation. If you delete the entire organization, there will be no one around to enforce whatever regs are still on the books so who cares? ... and you'll save another few 10's of millions of dollars annually which will fit nicely in the pockets of the "good folks", aka FODT. 😊😊😊
> >> >> >
> >> >> I worked with a CA state regulator in a tech support role prior to so-called broadband (actually, internet access beyond dial-up MODEMs). This was post 1996 telco act, just prior to the dot com bubble. The lobbyists at the time disliked having 50 States regulating things.
> >> >> They pushed and made it so the 5 commissioners on the FCC became the primary regulators. Many call this regulatory capture.
> >> >>
> >> >> Unfortunately, I don't think we can get rid of the FCC. Our utility poles are mostly regulated by them as one example.
> >> >>
> >> >> I also don't think the FCC can mandate any specific AQM algorithm. That's a long term disaster in the making for sure. Let network engineers and the market battle that out.
> >> >>
> >> >> Bob
> >> >>
> >> >> PS. Good to hear from you RR - I hope all is well. I've got a Fi-Wi project you may be interested in - not sure.
> >> >> _______________________________________________
> >> >> Nnagain mailing list
> >> >> Nnagain@lists.bufferbloat.net
> >> >> https://lists.bufferbloat.net/listinfo/nnagain
> >> _______________________________________________
> >> Nnagain mailing list
> >> Nnagain@lists.bufferbloat.net
> >> https://lists.bufferbloat.net/listinfo/nnagain