The Iridium Low Earth Orbit (LEO) satellite constellation remains a unique provider of global communications for critical industries, governments, and private users, serving over 2.5 million active subscribers despite recent market competition. In contrast to terrestrial wireless standards such as 3GPP, Iridium protocol specifications are proprietary and have not undergone rigorous, public, and systematic security evaluation. In this work, we present the first comprehensive security analysis of Iridium authentication and radio link protocols. We reverse engineer the Iridium SIM-based authentication mechanism and demonstrate that the secret key can be extracted from the SIM card, enabling full device cloning and impersonation attacks. Leveraging a month-long dataset of Iridium up- and downlink satellite traffic, we further show that nearly all signaling and radio communication protocols currently in use lack encryption, resulting in the exposure of sensitive information, such as login credentials and large volumes of personal data, in cleartext over the air. Finally, we develop custom software-defined radio (SDR) tools to carry out spoofing and jamming attacks, revealing that modestly equipped adversaries can inject falsified messages or disrupt the Iridium service locally due to the absence of source authentication. Our findings uncover systemic vulnerabilities in the Iridium radio link and highlight the urgent need for users of critical applications to transition to more secure radio communication links.