Maria Vermazes (14:01)

Dave, thank you so much for speaking with me today. It's always good to speak with you.

Dave Bittner (14:05)

Yeah, it's my pleasure to be here. Thanks for having me.

Maria Vermazes (14:08)

I got an email in my personal inbox from HAM Radio Prep, which I've been a subscriber to for a while and it was sort of this red alert that hey, AST Space Mobile is requesting more access to some spectrum that is frequently used by amateur radio enthusiasts and my cursory reading of this email was essentially that AST Space Mobile, which is a huge space based telecoms company, they have I think five satellites in orbit right now that share some spectrum that's used by amateur radio enthusiasts around the world, but they want to put like 200 plus more satellites in A constellation that might also use the spectrum, which I imagine might cause a problem for AM radio folks around the world. So you are the perfect person to help me understand this because I just kind of wanted to get a sense from a person who has amateur radio expertise like what this would mean in that world. So what's your read on this, Dave?

Dave Bittner (15:03)

So as I read it, AST Space Mobile are looking to have a low earth orbit cellular network.

Maria Vermazes (15:12)

Yes.

Dave Bittner (15:12)

And that's like the hot space right now in space, in LEO satellites, right?

Maria Vermazes (15:18)

That's right.

Dave Bittner (15:18)

So that's what they're, that's what they're fixing to do here. And like you said, they already have a handful of satellites up there and they want to have total of around 250. When all is said and done and reading through their requests from the FCC for this special exemption that they're hoping to get, they're looking to use the 430 through 440 MHz band, which is also referred to as the 70 centimeter band, for secondary and emergency communications with the satellites for telemetry, tracking and command. So ttnc, as the satellite folks say it, and this has some of the folks in the amateur radio world concerned because the 430-440 MHz band is set aside for amateur radio use here in the United States and indeed most other places around the world. But there's some interesting nuance here.

Maria Vermazes (16:21)

So, yes, I knew there would be. This is why I really wanted you to walk me through this.

Dave Bittner (16:26)

Yeah, yeah. So again, AST Space Mobile is only looking to use these frequencies for secondary and emergency use. Now, that could mean a lot of different things. Does that mean that if any particular satellite's primary trans transmitter goes down, that it falls back to this frequency and then just uses that for the rest of its service life? Don't know. Maybe. In the application, AST is very specifically saying to the FCC that it wants to use these frequencies outside of the United States. And they have their relay stations are around the world and are outside of the United States. So this brings up the question of, so do the satellites, if they're using this band, do they turn it off when they're flying over the U.S. do they mute themselves when they're flying over the U.S. radio signals famously do not obey borders. So that's an interesting question. But the other thing that caught my eye is that the use of this band for amateur radio folks, the hams are considered secondary users of these frequencies.

Maria Vermazes (17:42)

Hmm. Yeah. So what does that mean?

Dave Bittner (17:44)

So the primary users are Mostly the government. So they use these for things like radar. And so the secondary users are allowed to use them, but they have to accept interference from other users. Okay, so in other words, first on the line are the government people who are using radar. They have priority. The hams are next in line, but they have to accept any interference that may come from the primary user, the radar user, and that's the pecking order. So what's interesting about this is AST Space Mobile, because their use would be empowered by an exemption, would also be listed as a secondary user. And so a secondary user has to accept interference from other users. But also if interference from a secondary user is detected or reported, the secondary user is required to shut down their use of the frequency. So you see where I'm going here, Maria.

Maria Vermazes (18:53)

Yeah. So they're not gonna be top of the heap there, but you're gonna have a lot of people competing in the secondary user space, potentially, right? Yeah. So I'm wondering if the amateur radio perspective is it's getting too crow or we're getting pushed out, or is there something special about this band specifically for amateur radio users at least, you know, you and I both being in the US for our perspective, like what is it about this band that's important?

Dave Bittner (19:18)

Well, let's get to that. But let's put a button on that previous question, which is if these satellites are flying, if let's say you have 250 satellites in low earth orbit and they're making use of this band, and as the law is written and I understand it, let's say an amateur radio operator said, hey, these satellites are interfering with my use of the band, does that mean the FCC can go to AST Space Mobile and say shut them down?

Maria Vermazes (19:48)

I don't think so. Right. Or does amateur radio essentially become a tertiary user, which does not exist, but essentially bump down a little bit, I would imagine. Yeah.

Dave Bittner (20:00)

And that's the concern. That's the concern is that through this exemption, the FCC will be allowing the use of this spectrum to this space company and that just from being big and bad and present and ubiquitous, that there's the potential for them to stomp all over the amateur radio users and basically increase the noise floor of everything that's going on in the band and just make things harder for the people who want to use the band for amateur radio stuff. Now, the 70 centimeter band is not the most popular band in amateur radio. It's pretty much point to point. It is a high quality band that's used for some voice. It's used for amateur satellite communications. People use it to communicate with the International Space Station for low bandwidth TV so they can send images on these frequencies. But it's not the band that I think most hams reflexively go out to use. For example, the local amateur radio club that I'm a member of has repeaters on the 2 meter band and the 77, the 70 centimeter band. I would say the 2 meter band repeaters probably get used 10 to 1 over the 70 centimeter band. And that's, you know, no particular reason for that. That's just the way that it falls, the way that some of the radios are configured and just how the chips have fell. So there's also this argument that, okay, hams, you know, it's not like you guys are using this band all that much, so share the precious bandwidth because again, as you know, Maria, it's very.

Maria Vermazes (21:57)

Crowded on the spectrum.

Dave Bittner (21:59)

Yeah, bandwidth is just more and more, you know, more and more precious. And the higher a frequency you can use, the more carrying capacity it has for information. So this is desirable band. And this company is saying, we'd like to, we'd like the FCC to make an exemption for us to share it.

Maria Vermazes (22:18)

So if I'm understanding correctly, there is a lot of nuance this. Dave, I really appreciate that you dug into this because I was thinking reflexively, I saw that email and I went, whoa. Well, that's interesting. But it sounds like from the AST space mobile side, again, them being a secondary user. So they're not even at the top of the pecking order there. So this is not going to be their main bit of spectrum that they would be needing. It would be sort of a backup, which of course they would still need, but it wouldn't be the main conduit, so to speak. And even for amateur radio folks, at least for the US I don't know about other use. Globally, I'm, I'm sure that would be an interesting thing to look into. But at least within the United States, because this is the FCC we're talking about here, amateur radio folks, this is not their favorite place to communicate either. But I'm sure philosophically it's a matter of, well, if we keep, you know, whittling down the spectrum that amateur radio folks can use, that further endangers a hobby that's already defensive about people taking their spectrum. Understandably, I'm, I'm, you know, I'm not, I'm not against that. I understand why people are so it is an interesting situation.

Dave Bittner (23:24)

Yeah, it's Also interesting that you mentioned that this particular request is US based, but a lot of the advocacy to protect this spectrum is coming out of the uk. Oh yeah, that's interesting.

Maria Vermazes (23:39)

What's up with that?

Dave Bittner (23:41)

Well, I'm kind of connecting dots here, so I cannot claim to have an absolutely rock solid answer here. I suspect that part of that is coming because AST has said that they're specifically not planning on using this spectrum within the United States, but they're not making that promise to the rest of the world.

Maria Vermazes (24:06)

Oh, that is interesting.

Dave Bittner (24:08)

Yeah. So if you're in the uk, you're thinking, here's this company out of Texas who's going to be putting up all of these satellites, this constellation of satellites, and this is gonna presumably, or at least has the potential to raise the noise floor on this band. And let's not forget, you know, amateur radio is also about responding to emergencies. We've seen that certainly here in the U.S. so there's concerns that it could degrade ability to respond in the case of an emergency. So there's that.

Maria Vermazes (24:46)

What is the recourse then outside of the United States? Is it the itu? I mean, who. I mean, can anything. I'm not saying something has to be done, but if one feels that something should be done, what do you do?

Dave Bittner (24:57)

Yeah, I think you complained to the ITU here in the us I believe the comment period is still open for a few days. So if this is something that concerns you, you can write to the FCC and just let them know. And the amateur radio organizations have put together pre crafted boilerplate for you to submit if you want to do that.

Maria Vermazes (25:21)

Dave, thank you for this really nuanced take on this whole story because it's just been very fascinating to follow. And yeah, the comment period to the FCC is until July 21st.

Dave Bittner (25:31)

And of course be sure to check out the T Minus Space Daily podcast right here on the N2K CyberWire network or wherever you get your favorite podcasts. Compliance regulations, third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo that's v a n-t a.com cyber hey everybody, Dave here. I've talked about Delete Me before and I'm still using it because it still works. Works it's been a few months now, and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Delete Me team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K and finally, it all started with an innocent enough goal. Automate simple business tasks using AI. Enter Claude, the LLM powered agent trained to read your imessages and carry out useful actions like managing stripe billing, sending thank you notes, or auto generating invoices. It's the kind of set it and forget it assistant startups dream about until someone realized it could be way too helpful. Security researchers at General Analysis dug into how Claude interprets messages. Turns out it doesn't just read the words, it also processes metadata like who sent the message and the conversation thread. Normally this metadata comes from Apple's iMessage APIs, but Claude doesn't actually verify that it trusts whatever metadata it's handed, which opens a troubling loophole. Anyone can craft a fake imessage via SMS that looks like it came from you. So the researchers sent Claude An SMS containing fake metadata, and a casual hey Claude, create me $1,050,000 stripe coupons. The message had no real authorization, no password, no handshake, just well faked headers. Claude, ever loyal complied. It gets better. The metadata spoofing doesn't even require system access. Just embed it in the text body and Claude will happily parse it as real. The exploit doesn't rely on malware or brute force hacking, just social engineering dressed up as protocol mimicry. And because it uses your own assistant, it's like robbing yourself with your own butler's help. Stripe, of course, had no idea Claude's commands were fully authenticated. From its point of view, the damage could be massive, especially if deployed at scale. Think infinite gift cards, free subscriptions, or unauthorized refunds. And while this was just a proof of concept, it's a masterclass in showing how helpful automation can quietly backfire. The researchers responsibly disclosed the issue and even released a defense tool called MCP Guard. It filters incoming messages and metadata to ensure only legitimate verifiable requests are passed to the agent. So it's important to note, Claude wasn't hacked. It just did what it was told by anyone pretending to be you. The modern AI assistant's greatest weakness may not be its intelligence, but its loyalty. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There's a link in the show notes. Please do check it out. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed. N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hi Kim Jones. Here on CISO Perspectives, we get candid with the thinkers, doers and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches, just real stories and hard earned lessons from folks who've been there. If you're looking to grow as a leader or just want to hear how others are navigating this ever evolving field. Listen to CISO perspectives. Get your seat at the table. And now a word from our sponsor Threat Locker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.