🤖 AI Summary
This study presents the first comprehensive public security analysis of the Iridium satellite communication protocols, which are proprietary and had not previously undergone systematic evaluation. By reverse engineering the SIM card authentication mechanism, collecting a month-long dataset of uplink and downlink satellite traffic, and building custom software-defined radio (SDR) tools, the authors examine both the authentication protocol and the radio link-layer protocols. They show that the Iridium authentication secret key can be extracted from the SIM card, enabling full device cloning and impersonation; that nearly all signaling and radio protocols in use lack encryption, so sensitive data such as login credentials and large volumes of personal data travel over the air in cleartext; and that the absence of source authentication lets a modestly equipped adversary inject falsified messages or disrupt the service locally through spoofing and jamming. Together these findings provide the first empirical evidence of systemic vulnerabilities across the Iridium authentication and radio link protocols.
📝 Abstract
The Iridium Low Earth Orbit (LEO) satellite constellation remains a unique provider of global communications for critical industries, governments, and private users, serving over 2.5 million active subscribers despite recent market competition. In contrast to terrestrial wireless standards such as 3GPP, Iridium protocol specifications are proprietary and have not undergone rigorous, public, and systematic security evaluation. In this work, we present the first comprehensive security analysis of Iridium authentication and radio link protocols. We reverse engineer the Iridium SIM-based authentication mechanism and demonstrate that the secret key can be extracted from the SIM card, enabling full device cloning and impersonation attacks. Leveraging a month-long dataset of Iridium up- and downlink satellite traffic, we further show that nearly all signaling and radio communication protocols currently in use lack encryption, resulting in the exposure of sensitive information in cleartext over the air, such as login credentials and large volumes of personal data. Finally, we develop custom software-defined radio (SDR) tools to carry out spoofing and jamming attacks, revealing that modestly equipped adversaries can inject falsified messages or disrupt the Iridium service locally due to the absence of source authentication. Our findings uncover systemic vulnerabilities in the Iridium radio link and highlight the urgent need for users of critical applications to transition to more secure radio links.