Hacker conferences are famous for using quirky, hackablebadges. DefCon's 2015 badge was a working vinyl LP containing a spoken-word ciphertext copy of the Hacker Manifesto.
But at the Chaos Communication Camp, held in Zehdenick, Germany last week, the organizers did something different: they gave out 4500 rad1o badges. These software-defined radios are sensitive enough to intercept satellite traffic from theIridium communications network.
During a Camp presentation entitled "Iridium Hacking: please don't sue us," hackers Sec and schneider demonstrated how to eavesdrop on Iridium pager traffic using the Camp badge.
The Iridium satellite network consists of 66 active satellites in low Earth orbit. Developed by Motorola for the Iridium company, the network offers voice and data communications for satellite phones, pagers, and integrated transceivers around the world. (Iridium went bankrupt in 1999, but was later purchased from Motorola in 2001 by private investors, who have revived the company.) The largest user of the Iridium network is the Pentagon.
"The problem," Sec explained, "isn't that Iridium has poor security. It's that it has no security."
Originally designed in the 1980s, the Iridium network was obsolete by the time it was launched in 1998. Iridium pager traffic is sent in cleartext by default, and most pager traffic remains unencrypted.
Despite this, an Iridium internal PowerPoint slide deck marked "Confidential" released by WikiLeaks in 2008 boasted that "the complexity of the Iridium air interface makes the challenge of developing an Iridium L-Band monitoring device very difficult and probably beyond the reach of all but the most determined adversaries."