[NNagain] FCC - delete, delete, delete
David Bray, PhD
david.a.bray at gmail.com
Thu Mar 13 22:24:00 EDT 2025
Indeed. Yet here on the ground SS7 remains vulnerable and exploitable too?
On Thu, Mar 13, 2025 at 10:17 PM Robert McMahon <rjmcmahon at rjmcmahon.com>
wrote:
> Yeah, our space walks to fix outdated satellites aren't easily doable
> nor cost efficient.
>
> The parts need to be pluggable, similar to light bulbs. If they need
> replacement, just swap them out for the improved version. Or if you
> get a flat, buy a new tire (and don't send that car into space in the
> first place.)
>
> This approach works well inside buildings.
>
> The fiber cables, plastic holders, and antennas themselves are the
> only fixed, long lived parts. Fiber is actually better than copper
> w/respect to security.
>
> China is doing this already and we're way behind.
>
> Bob
>
> On Thu, Mar 13, 2025 at 6:38 PM David Bray, PhD <david.a.bray at gmail.com>
> wrote:
> >
> > Meanwhile there's Salt Typhoon, Volt Typhoon... also this:
> >
> > https://spectrum.ieee.org/iridium-satellite
> >
> > White Hat Hackers Expose Iridium Satellite Security Flaws
> >
> > Users' locations and texts can be intercepted, including DoD employees
> >
> > In a recent demonstration, German white hat hackers showed how to
> intercept text messages sent via the U.S. satellite communication system
> Iridium and locate users with an accuracy of about 4 kilometers.
> >
> > The two hackers, known publicly only under the nicknames Sec and
> Schneider, made the revelations during a presentation at the Chaos
> Communication Congress in late December in Hamburg, Germany. During the
> talk, they highlighted severe vulnerabilities in services that tens of
> thousands of users from the U.S. Department of Defense rely on.
> >
> > Although the DoD uses a secure gateway to route and encrypt its traffic,
> the hackers were able to see which devices were connecting via the DoD
> pathway. That allowed the duo to identify and locate DoD users with an
> accuracy of about 4 km using a home-assembled eavesdropping kit consisting
> of a commercially available Iridium antenna, a software-defined radio
> receiver and a basic computer, such as the Intel N100 mobile CPU or the
> Raspberry Pi mini-computer.
> >
> > “We see devices that register with the DoD service center and then we
> can find their positions from these registrations,” Sec said during the
> talk. “You don’t have to see the communication from the actual phone to the
> network, you just see the network’s answer with the position, and you then
> can map where all the registered devices are.”
> >
> > Iridium’s Legacy Components Still Cause Problems
> >
> > The Iridium constellation, first deployed in the late 1990s, is made up
> of 66 satellites dispersed across six orbital planes roughly 870 km above
> Earth. The constellation, the first to have provided global commercial
> satellite communications services, supports satellite telephony and
> connects pagers, emergency beacons, and Internet of Things devices all over
> the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S.
> government customers. Iridium receivers are also frequently used by vessels
> at sea and by aircraft pilots exchanging information with other airplanes
> and with ground control.
> >
> > “Back then encryption was not something on everyone’s mind,” Sec said
> during the presentation. “All the [first generation] Iridium data is
> unencrypted.”
> >
> > In response to a request for comment, a spokesperson from Iridium says,
> “This is old news. The DoD and others encrypt their communications over our
> network which address the issues this article raises. There is a reason the
> DoD continues to be such a big customer and we expect that to continue well
> into the future. We have always allowed others to encrypt their traffic
> over our network. Our commercial partners have been doing the same for
> decades, when and where the markets request it.”
> >
> > Iridium replaced its first-generation fleet with more secure satellites
> (the second-generation NEXT constellation) between 2017 and 2019. But
> according to satellite and telecommunications industry analyst Christian
> von der Ropp, many Iridium devices in use today, including civilian
> satellite phones, still rely on the first-generation Iridium radio protocol
> that has no encryption.
> >
> > “The regular satellite phones that they sell still operate under the old
> legacy protocol,” says von der Ropp. “If you buy a brand-new civilian
> Iridium phone, it still operates using the 30-year-old radio protocol, and
> it is subject to the same vulnerability. So, you can intercept everything.
> You can listen to the voice calls, you can read SMS, absolutely everything.
> Out of the box it’s a totally unsecure service.”
> >
> > Von der Ropp estimates that tens or even hundreds of thousands of
> Iridium devices in use today rely on the old, unsecured radio protocol.
> >
> > Hackers Reveal Vulnerabilities in Iridium’s Systems
> >
> > While the DoD uses an extra layer of encryption to protect the content
> of its exchanges, other nations’ agencies appear to be less aware of the
> vulnerabilities. In perhaps the most jaw-dropping moment of the hacking
> demonstration, Sec revealed a text message exchanged between two employees
> of the German Foreign Office that he and Schneider were able to intercept.
> >
> > “I need a good doctor in [Tel Aviv] who can also look at gunshot wounds.
> Can you send me a number ASAP,” read the message sent by a worker at the
> Crisis Response Center of the German Foreign Office’s mission in Tel Aviv.
> The hackers did not reveal when the exchange had taken place.
> >
> > Using software he and Schneider had created, Sec also showed a map of
> devices visible in a single moment to their eavesdropping gear located in
> Munich. Iridium devices as far as London, central Norway and Syria (more
> than 3,000 km away) could be seen.
> >
> > “With US $400 worth of equipment and freely available software, you can
> start right away intercepting Iridium communications in an area with a
> diameter of hundreds, sometimes even thousands of kilometers,” said von der
> Ropp, who was present at the demonstration. “The Iridium signal is divided
> into spot beams that are about 400 km wide. In principle, one should only
> be able to listen to the spot beam overhead. But the signal is so strong
> that you can also detect many of the surrounding spot beams, sometimes up
> to 2,000 km away.”
> >
> > The DoD, von der Ropp said, is looking for alternatives to Iridium,
> including Starlink. Still, last year Iridium won a $94 million contract to
> provide communication services to the U.S. Space Force.
> >
> > Von der Ropp noted that few Iridium users seemed to be active in
> Ukraine, suggesting the local forces are potentially aware of Iridium’s
> shortcomings. The vulnerability of satellite systems and services to
> disruption and interference by bad actors has become a hot topic since
> Russia’s invasion of the country three years ago. The widespread
> cyberattack on the ground infrastructure of satellite communication
> provider Viasat crippled the Ukrainian forces’ access to satcom services on
> the eve of the invasion. The incident, which according to analysts was
> planned by Russian state-backed hackers for months, revealed the weakness
> of Viasat’s cyber defenses.
> >
> > Since then, the number of cyberattacks on satcom providers has increased
> exponentially. Global navigation and positioning satellite systems such as
> GPS have also been put to the test. Signal jamming is now a regular
> occurrence even outside conflict zones and instances of sophisticated
> spoofing attacks, designed to confuse users and send them to wrong
> locations, are becoming increasingly common.
> >
> > This story was updated on 14 February 2025 to add a statement from
> Iridium.
> >
> >
> >
> > On Thu, Mar 13, 2025 at 2:36 PM Robert McMahon via Nnagain <
> nnagain at lists.bufferbloat.net> wrote:
> >>
> >> My opinions:
> >>
> >> There should be no more Linux kernels in the customer premise with
> >> Fi-Wi. 30M lines of code and 11,000 config options is a form of sw
> >> bloat that's impossible to secure. Particularly since most no one is
> >> getting paid for this work.
> >>
> >> Reducing the radio head/client (STA) density to near 1/1 and shrinking
> >> the cell size will minimize the media access latency. Packet latency
> >> can use non queue building techniques so there will be no substantial
> >> packet queueing delays. All delay will be distance and speed of
> >> photons related per physics & spacetime.
> >>
> >> Our issue isn't regulators - it's that white collar workers and our
> >> leadership haven't engaged the blue collar workers, and we haven't
> >> kept advancing our engineering. We need to teach fiber installer
> >> businesses how to build these Fi-Wi networks so that our kids get life
> >> support and productivity capable networks that can be depended upon.
> >>
> >> And everyone that adds value needs to be paid somehow. Best done
> >> through markets. Fi-Wi creates high paying jobs in the trades for in
> >> premise fiber installers.
> >>
> >> I think we lack vision and leadership, followed by execution. It's not
> >> a cult thing like Musk's failed prophecies - it's the real deal that
> >> impacts our lives. Low latency will become ubiquitous if we act to our
> >> abilities. Waiting on regulators is like Waiting for Godot.
> >>
> >> Bob
> >>
> >>
> >> On Thu, Mar 13, 2025 at 10:00 AM Frantisek Borsik
> >> <frantisek.borsik at gmail.com> wrote:
> >> >
> >> > Hey Bob,
> >> >
> >> > I don't think that improving latency is about mandating a specific
> algorithm - it's about improvements to the broadband definition.
> >> > Broadband that serves the needs of us all today goes beyond 100/20,
> it should include low latency, low consistent jitter.
> >> > Now, what are the right numbers, that's another discussion. But it's
> a discussion we need to have.
> >> > I would certainly let the market decide on the tools/algorithms that
> will achieve those numbers - be it a Quality of Experience middle box (like
> LibreQoS, Preseem, Bequant/Cambium Networks QoE, Paraqum or Sandvine), L4S
> etc.
> >> >
> >> > As for the other issues that need some love - for example, making
> vendors update the kernel and provide updates to routers they sold, that's a
> good thing.
> >> >
> >> > All the best,
> >> >
> >> > Frank
> >> >
> >> > Frantisek (Frank) Borsik
> >> >
> >> > On Thu, Mar 13, 2025 at 5:33 PM Robert McMahon via Nnagain <
> nnagain at lists.bufferbloat.net> wrote:
> >> >>
> >> >> >
> >> >> > As for "what the FCC can do", "dissolve itself" comes to mind.
> AFAIK, it's been over a decade since they have done anything helpful or
> useful for any American citizen who isn't the head of a major corporation.
> If you delete the entire organization, there will be no one around to
> enforce whatever regs are still on the books so who cares? ... and you'll
> save another few 10's of millions of dollars annually which will fit nicely
> in the pockets of the "good folks", aka FODT. 😊😊😊
> >> >> >
> >> >> I worked with a CA state regulator in a tech support role prior to
> >> >> so-called broadband (actually, internet access beyond dial-up MODEMs).
> >> >> This was post 1996 telco act, just prior to the dot com bubble. The
> >> >> lobbyists at the time disliked having 50 States regulating things.
> >> >> They pushed and made it so the 5 commissioners on the FCC became the
> >> >> primary regulators. Many call this regulatory capture.
> >> >>
> >> >> Unfortunately, I don't think we can get rid of the FCC. Our utility
> >> >> poles are mostly regulated by them as one example.
> >> >>
> >> >> I also don't think the FCC can mandate any specific AQM algorithm.
> >> >> That's a long term disaster in the making for sure. Let network
> >> >> engineers and the market battle that out.
> >> >>
> >> >> Bob
> >> >>
> >> >> PS. Good to hear from you RR - I hope all is well. I've got a Fi-Wi
> >> >> project you may be interested in - not sure.
> >> >> _______________________________________________
> >> >> Nnagain mailing list
> >> >> Nnagain at lists.bufferbloat.net
> >> >> https://lists.bufferbloat.net/listinfo/nnagain
>