It is a movie staple to see an overworked air traffic controller sweating over a radar display. Depending on the movie, they might realize they’ve picked the wrong week to stop some bad habit. But how does the system really work? [J. B. Crawford] has a meticulously detailed post about the origins of the computerized air traffic control system (building on an earlier post which is also interesting).
Like many early computer systems, the FAA started out with the Air Force SAGE defense system. It makes sense. SAGE had to identify and track radar targets. The 1959 SATIN (SAGE Air Traffic Integration) program was the result. Meanwhile, different parts of the air traffic system were installing computers piecemeal.
SAGE and its successors had many parents: MIT, MITRE, RAND, and IBM. When it was time to put together a single national air traffic system the FAA went straight to IBM, who glued together a handful of System 360 computers to form the IBM 9020. The computers had a common memory bus and formed redundant sets of computer elements to process the tremendous amount of data fed to the system. The shared memory devices were practically computers in their own right. Each main computing element had a private area of memory but could also allocate in the large shared pool.
The 9200 ran the skies for quite a while until IBM replaced it with the IBM 3083. The software was mostly the same, as were the display units. But the computer hardware, unsurprisingly, received many updates.
If you’re thinking that there’s no need to read the original post now that you’ve got the highlights from us, we’d urge you to click the link anyway. The post has a tremendous amount of detail and research. We’ve only scratched the surface.
XRP continues to show underlying strength despite facing rejection near recent highs, with the broader structure remaining intact. As long as the price holds above the key $1.30 level, the bullish bias remains in play, signaling that the latest pullback may be a consolidation rather than the start of a deeper reversal.
Multi-Year Breakout Holds As XRP Builds For The Next Expansion
During a recent analysis, Crypto Patel highlighted that XRP is trading above a confirmed multi-year breakout zone on the higher-timeframe chart, following the completion of a prolonged accumulation phase. After delivering a powerful expansion move, price action now appears to be building a structure for the next potential leg higher.
From a technical perspective, XRP has already achieved a decisive breakout from a descending wedge that developed between 2020 and 2024. This breakout triggered a rally of more than 600% from the $0.60 level, reinforcing the strength of the broader bullish trend and confirming the shift in long-term market structure.
Price is currently respecting a key fair value gap and accumulation zone between $1.90 and $1.30, an area that continues to act as a critical demand region. As long as XRP remains above $1.30, the higher-timeframe bullish structure stays intact, keeping the broader upside thesis firmly in play.
Looking ahead, Crypto Patel maintains ambitious upside targets at $3.50, $5.00, $8.70, and potentially above $10 over the longer term. The bullish outlook would be invalidated only by a higher-timeframe close below the $1.30 level, which would signal a breakdown in structure and shift the bias.
Trendline Structure Holds Despite Rejection Near $2.37
In another XRP update, Umair Crypto noted that the broader trendline structure remains intact despite the recent push above a key psychological level and rejection near $2.37. While momentum indicators showed early weakness, the price reaction did not result in a confirmed breakdown of the overall structure.
According to the analysis, the Relative Strength Index (RSI) broke down ahead of price, followed by XRP losing the range Point of Control (POC). This sequence triggered a sharp pullback, but importantly, the move lacked clear structural failure, suggesting the decline was corrective rather than trend-ending.
Relative strength continues to stand out. During the ETH-led market flush, XRP experienced a sell-off but rebounded quickly, outperforming many ETH beta assets. This behavior suggests capital rotation into relative strength rather than a broad-based distribution across the market.
Looking ahead, the bias remains constructive as long as the trendline holds and the price can reclaim value above the range POC. However, sustained acceptance below this area would invalidate the bullish setup and shift the focus toward lower levels.
Famously, the save icon on most computer user interfaces references a fairly obsolete piece of technology: the venerable floppy disk. It’s likely that most people below the age of about 30 have never interacted with one of these once-ubiquitous storage devices, so much so that many don’t recognize the object within the save icon itself anymore. [Mads Chr. Olesen]’s kids might be an exception here, though, as he’s built a remote control for them that uses real floppy disks to select the programming on the TV.
This project partially began as a way to keep the children from turning into zombies as a result of the modern auto-play brainrot-based economies common in modern media. He wanted his kids to be able to make meaningful choices and then not get sucked into these types of systems. The floppy disk presents a perfect solution here. They’re tangible media and can actually store data, so he got to work interfacing a real floppy disk drive with a microcontroller. When a disk is inserted the microcontroller wakes up, reads the data, and then sends out a command to stream the relevant media to the Chromecast on the TV. When the disk is removed, the microcontroller stops play.
Like any remote, this one is battery powered as well, but running a microcontroller and floppy disk drive came with a few challenges. This one is powered by 18650 lithium cells to help with current peaks from the drive, and after working out a few kinks it works perfectly for [Mads] children. We’ve seen a few other floppy disk-based remote controls like this one which replaces the data stored on the magnetic disc with an RFID tag instead.
Windsurfing has experienced a major decline in popularity in the last few decades as the sport’s culture failed to cater to beginners at the same time that experienced riders largely shifted to kiteboarding. While it’s sad to see a once-popular and enjoyable sport loose its mass market appeal, it does present a unique opportunity for others as there’s cheap windsurfing gear all over the online classifieds now. [Dane] recently found that some of these old boards are uniquely suited to be modified into electric surfboards.
The key design element of certain windsurfers that makes this possible is the centerboard, a fin mounted on the windsurfer extending down into the water that resists the lateral force of the sail, keeping the board moving forward instead of sideways. [Dane] used this strengthened area of the board to mount a submerged electric motor, with all of the control electronics and a battery on the top of the board. The motor controller did need a way to expel excess heat while being in a sealed waterproof enclosure, but with a hole cut in the case and a heat sink installed on top of it, this was a problem quickly solved.
The operator control consists of a few buttons which correspond to pre-selected speeds on the motor. There’s no separate control input for steering, though; in order to turn this contraption the operator has to lean the board. With some practice it’s possible to stand up on this like any other electric surfboard and scoot around [Dane]’s local lake. For the extreme budget version of this project be sure to check out [Ben Gravy]’s model which involves duct taping two cheap surfboards together instead.
We are really glad to see you back for the second part of this series. In the first article, we explored some of the cheapest and most accessible ways to build your own hacking drone. We looked at practical deployment problems, discussed how difficult stable control can be, and even built small helper scripts to make your life easier. That was your first step into this subject where drones become independent cyber platforms instead of just flying gadgets.
We came to the conclusion that the best way to manage our drone would be via 4G. Currently, in 2026, Russia is adapting a new strategy in which it is switching to 4G to control drones. An example of this is the family of Shahed drones. These drones are generally built as long-range, loitering attack platforms that use pre-programmed navigation systems, and initially they relied only on satellite guidance to reach their targets rather than on a constant 4G data link. However, in some reported variants, cellular connectivity was used to support telemetry and control-related functionality.
MANPADS mounted on Shahed
In recent years, Russia has been observed modifying these drones to carry different types of payloads and weapons, including missiles and MANPADS (Man-Portable Air-Defense System) mounted onto the airframe. The same principle applies here as with other drones. Once you are no longer restricted to a short-range Wi-Fi control link and move to longer-range communication options, your main limitation becomes power. In other words, the energy source ultimately defines how long the aircraft can stay in the air.
Today, we will go further. In this part, we are going to remove the smartphone from the back of the drone to reduce weight. The free space will instead be used for chipsets and antennas.
4G > UART > Drone
In the previous part, you may have asked yourself why an attacker would try to remotely connect to a drone through its obvious control interfaces, such as Wi-Fi. Why not simply connect directly to the flight controller and bypass the standard communication layers altogether? In the world of consumer-ready drones, you will quickly meet the same obstacle over and over again. These drones usually run closed proprietary control protocols. Before you can talk to them directly, you first need to reverse engineer how everything works, which is neither simple nor fast.
However, there is another world of open-source drone-control platforms. These include projects such as Betaflight, iNav, and Ardupilot. The simplest of these, Betaflight, supports direct control-motor command transmission over UART. If you have ever worked with microcontrollers, UART will feel familiar. The beauty here is that once a drone listens over UART, it can be controlled by almost any small Linux single-board computer. All you need to do is connect a 4G module and configure a VPN, and suddenly you have a controllable airborne hacking robot that is reachable from anywhere with mobile coverage. Working with open systems really is a pleasure because nothing is truly hidden.
So, what does the hacker need? The first requirement is a tiny and lightweight single-board computer, paired with a compact 4G modem. A very convenient combination is the NanoPi Neo Air together with the Sim7600G module. Both are extremely small and almost the same size, which makes mounting easier.
Single-board computer and 4G modem for remote communication with a drone
The NanoPi communicates with the 4G modem over UART. It actually has three UART interfaces. One UART can be used exclusively for Internet connectivity, and another one can be used for controlling the drone flight controller. The pin layout looks complicated at first, but once you understand which UART maps to which pins, the wiring becomes straightforward.
Pinout of contacts on the NanoPi mini-computer for drone control and 4G communication
After some careful soldering, the finished 4G control module will look like this:
Ready-made 4G control module
Even very simple flight controllers usually support at least two UART ports. One of these is normally already connected to the drone’s traditional radio receiver, while the second one remains available. This second UART can be connected to the NanoPi. The wiring process is exactly the same as adding a normal RC receiver.
Connecting NanoPi to the flight controller
The advantage of this approach is flexibility. You can seamlessly switch between control modes through software settings rather than physically rewiring connectors. You attach the NanoPi and Sim7600G, connect the cable, configure the protocol, and the drone now supports 4G-based remote control.
Connecting NanoPi to the flight controller
Depending on your drone’s layout, the board can be mounted under the frame, inside the body, or even inside 3D-printed brackets. Once the hardware is complete, it is time to move into software. The NanoPi is convenient because, when powered, it exposes a USB-based console. You do not even need a monitor. Just run a terminal such as:
nanoPi > minicom -D /dev/ttyACM0 -b 9600
Then disable services that you do not need:
nanoPi > systemctl disable wpa_supplicant.service
nanoPi > systemctl disable NetworkManager.service
Enable the correct UART interfaces with:
nanoPi > armbian-config
From the System menu you go to Hardware and enable UART1 and UART2, then reboot.
Minicom is useful for quickly checking UART traffic. For example, check modem communication like this:
minicom -D /dev/ttyS1 -b 115200
AT
If all is well, then you need to config files for the modem. The first one goes to /etc/ppp/peers/telecom. Replace “telecom” with the name of the cellular provider you are going to use to establish 4G connection.
And the second one goes to /etc/chatscripts/gprs
To activate 4G connectivity, you can run:
nanoPi > pon telecom
Once you confirm connectivity using ping, you should enable automatic startup using the interfaces file. Open /etc/network/interfaces and add these lines:
auto telecom
iface telecom inet ppp
provider telecom
Now comes the logical connectivity layer. To ensure you can always reach the drone securely, connect it to a central VPN server:
This allows your drone to “phone home” every time it powers on.
Next, you must control the drone motors. Flight controllers speak many logical control languages, but with UART the easiest option is the MSP protocol. We install a Python library for working with it:
NanoPi > cd /opt/; git clone https://github.com/alduxvm/pyMultiWii
NanoPi > pip3 install pyserial
The protocol is quite simple, and the library itself only requires knowing the port number. The NanoPi is connected to the drone’s flight controller via UART2, which corresponds to the ttyS2 port. Once you have the port, you can start sending values for the main channels: roll, propeller RPM/throttle, and so on, as well as auxiliary channels:
Find the script on our GitHub and place the it in ~/src/ named as control.py
The NanoPi uses UART2 for drone communication, which maps to ttyS2. You send MSP commands containing throttle, pitch, roll, yaw, and auxiliary values. An important detail is that the flight controller expects constant updates. Even if the drone is idle on the ground, neutral values must continue to be transmitted. If this stops, the controller assumes communication loss. The flight controller must also be told that MSP data is coming through UART2. In Betaflight Configurator you assign UART2 to MSP mode.
We are switching the active UART for the receiver (the NanoPi is connected to UART2 on the flight controller, while the stock receiver is connected to UART1). Next we go to Connection and select MSP as the control protocol.
If configured properly, you now have a drone that you can control over unlimited distance as long as mobile coverage exists and your battery holds out. For video streaming, connect a DVP camera to the NanoPi and stream using VLC like this:
To make piloting practical, you still need a control interface. One method is to use a real transmitter such as EdgeTX acting as a HID device. Another approach is to create a small JavaScript web app that reads keyboard or touchscreen input and sends commands via WebSockets. If you prefer Ardupilot, there are even ready-made control stacks.
By now, your drone is more than a toy. It is a remotely accessible cyber platform operating anywhere there is mobile coverage.
Protection Against Jammers
Previously we discussed how buildings and range limitations affect RF-based drone control. With mobile-controlled drones, cellular towers actually become allies instead of obstacles. However, drones can face anti-drone jammers. Most jammers block the 2.4 GHz band, because many consumer drones use this range. Higher end jammers also attack 800-900 MHz and 2.4 GHz used by RC systems like TBS, ELRS, and FRSKY. The most common method though is GPS jamming and spoofing. Spoofing lets an attacker broadcast fake satellite signals so the drone believes false coordinates. Since drone communication links are normally encrypted, GPS becomes the weak point. That means a cautious attacker may prefer to disable GPS completely. Luckily, on many open systems such as Betaflight drones or FPV cinewhoops, GPS is optional. Indoor drones usually do not use GPS anyway.
As for mobile-controlled drones, jamming becomes significantly more difficult. To cut the drone off completely, the defender must jam all relevant 4G, 3G, and 2G bands across multiple frequencies. If 4G is jammed, the modem falls back to 3G. If 3G goes down, it falls back to 2G. This layering makes mobile-controlled drones surprisingly resilient. Of course, extremely powerful directional RF weapons exist that wipe out all local radio communication when aimed precisely. But these tools are expensive and require high accuracy.
Summary
We transformed the drone into a fully independent device capable of long-range remote operation via mobile networks. The smartphone was replaced with a NanoPi Neo Air and a Sim7600G 4G modem, routed UART communication directly into the flight controller, and configured MSP-based command delivery. We also explored VPN connectivity, video streaming, and modern control interfaces ranging from RC transmitters to browser-based tools. Open-source flight controllers give us incredible flexibility.
In Part 3, we will build the attacking part and carry out our first wireless attack.
If you like the work we’re doing here and want to take your skills even further, we also offer a full SDR for Hackers Career Path. It’s a structured training program designed to guide you from the fundamentals of Software-Defined Radio all the way to advanced, real-world applications in cybersecurity and signals intelligence.
A knob can make a surprisingly versatile interface, particularly if it’s the SmartKnob, which builds a knob around a BLDC motor for programmable haptic response. It can rotate freely or with a set resistance, spring back to a fixed point when released, stick at detent points, and completely change its behavior as the interface demands. For people inexperienced in electronic assembly, though, smartknobs can be difficult to assemble. That’s why [Kokensha Tech] designed a simpler version, while at the same time letting it use a wider range of BLDC motors.
In addition to a motor, the original design used a magnetic encoder to detect position and a strain gauge to detect pressure on the knob. A circular LCD on the knob itself provided visual feedback, but it also required the motor to have a hollow center shaft. The LCD control wires running through the shaft proved tricky to assemble. [Kokensha Tech] moved the display out of the knob and onto a separate breakout board, which plugs into the controller board. This greatly broadens the range of compatible motors, since they no longer need a hollow shaft.
The motor now fits on a separate carrier board, which makes it easier to swap out different motors. The carrier board has mounting holes sized for a wide variety of motors, and four different types of motor connectors. [Kokensha Tech] also redesigned the rest of the PCB for easier soldering, while avoiding components with narrow pin spacing whenever possible. The original design used a LILYGO T-micro32 Plus MCU. The ESP32 is both cheaper and easier to solder, so it was a no-brainer to swap it in.
Hot glue guns are pretty simple beasts: there’s an on/off switch, a heating element, and a source of current, be it battery or wired. You turn it on, and the heater starts warming up; eventually you can start extruding the thermoplastic sticks we call “hot glue”. Since there’s no temperature control, the longer you run the gun, the warmer it gets until it is inevitably hotter than you actually want– either burning you or oozing thermoplastic out the tip. [Mellow_Labs] was sick of that after a marathon hot-glue session, and decided to improve on his hot glue gun with PID tuning in the video embedded below.
PID tuning is probably a familiar concept to most of you, particularly those who have 3D printers, where it’s used in exactly the same way [Mellow_Labs] puts it to work in the hot glue gun. By varying the input (in this case the power to the heater) proportional both to the Parameter (in this case, temperature) as well as the Integral and Derivative of that value, you can have a much steadier control than more naive algorithms, like the simple “on/off” thermostat that leads to large temperature swings.
In this case [Mellow_Labs] is implementing the PID control using a thermistor that looks like it came from a 3D printer, and a MOSFET driven by an RP2040. Microcontroller gets its power via the hot glue gun’s battery fed through a buck converter. Since he has them, a small OLED screen displays temperature, which is set with a pair of push-buttons. Thus, one can set a temperature hot enough to melt the glue, but low enough to avoid oozing or third degree burns.
He does not share the code he’s running on the RP2040, but if you are inspired to replicate this project and don’t want to roll your own, there are plenty of example PID scripts out there, like the one in this lovely robot. No, PID isn’t reserved for thermostats– but if you are controlling heat, it’s not reserved for electric, either. Some intrepid soul put built a PID controller for a charcoal BBQ once.
I want you to imagine a scene for a moment. You are sitting at your keyboard on one of the upper floors of a secure building in the middle of a restricted area. There is a tall fence topped with electrified barbed wire. Cameras cover every angle. Security guards patrol with confidence. You feel untouchable. Then you hear it. It’s a faint buzzing sound outside the window. You glance over for just a moment, wondering what it is. That tiny distraction is enough. In those few seconds, a small device silently installs a backdoor on your workstation. Somewhere 20 kilometers away, a hacker now has a path into the corporate network.
That may sound like something out of a movie, but it is not science fiction. In this series, we are going to walk through the process of building a drone that can perform wireless attacks such as EAP attacks, MouseJack, Kismet reconnaissance, and similar operations. A drone is an incredibly powerful tool in the hands of a malicious actor because it can carry roughly a third of its own weight as payload. But “hacking through the air” is not easy. A proper hacker drone must be autonomous, controllable over a secure channel at long distances, and resilient to jamming or suppression systems. Today we will talk through how such drones are designed and how they can be built from readily available components.
Most wireless attacks require the attacker to be physically near the target. The problem is that you can’t reach every building, every fenced facility, and every rooftop. A drone changes the entire equation. It can fly under windows, slip through partially open spaces, or even be transported inside a parcel. As a boxed payload moves through residential or office buildings, it can quietly perform wireless attacks without anyone ever suspecting what is inside. And yes, drones are used this way in the real world, including military and intelligence operations. On June 1, 2025, over 100 FPV drones that were smuggled into Russia, were concealed in modified wooden cabins on trucks, and remotely launched from positions near multiple Russian airbases. These drones conducted precision strikes on parked aircraft at bases including Belaya, Dyagilevo, Ivanovo Severny, Olenya, and Ukrainka, reportedly damaging or destroying more than 40 strategic bombers and other high-value assets.
Operation Spiderweb by Security Service of Ukraine
The FPV drones were equipped with mobile modems using Russian SIM cards to connect to local 3G/4G cellular networks inside Russia. This setup enabled remote operators in Ukraine to receive real-time high-resolution video feeds and telemetry, as well as maintain manual control over the drones via software like ArduPilot Mission Planner. The cellular connection allowed precise piloting from thousands of kilometers away, bypassing traditional radio frequency limitations and Russian electronic warfare jamming in some cases. In Part 2 we will show you how this type of connection can be established.
Drones are everywhere. They are affordable. They are also flexible. But what can they really do for a hacker? The key strength of a drone is that it can carry almost anything lightweight. This instantly increases the operational range of wireless attacks, allowing equipment to quickly and silently reach places a human cannot. A drone can scale fences, reach high-rise windows, hover near targets, and potentially enter buildings. All while remaining difficult to trace. That is an enormous advantage.
Let’s start learning how the platform works.
Implementation
Most drones are radio-controlled, but the exact communication method varies. One channel is used to receive operator commands (RX) and another to transmit video and telemetry back to the operator (TX). Different drones use different communication combinations, such as dedicated radio systems like FRSKY, ELRS, or TBS for control, and either analog or digital channels for video. Some consumer drones use Wi-Fi for telemetry or even control both ways.
For a hacker, the drone is first and foremost a transport platform. It must be reliable and durable. When you are performing attacks near buildings, lamp posts, tight corridors, or window frames, high speed becomes far less important than protecting the propellers. This is why Cinewhoop-style drones with protective frames are such a strong choice. If the drone brushes a wall, the frame absorbs the impact and keeps it flying. You can find the 3D models of it here
The drone also needs enough lifting power to carry your hacking gear. Ideally at least one-third of its own weight. That allows you to attach devices such as Wi-Fi attack platforms, SDR tools, or compact computers without stressing the motors. Because distance matters, Wi-Fi-controlled drones are usually not ideal. Wi-Fi range is typically around 50–100 meters before responsiveness begins to degrade. Professional long-range drones that use dedicated control radios like FRSKY, ELRS, or TBS are a better fit. Under good conditions, these systems can maintain control several kilometers away. Since attackers typically operate near structures, precise control is critical. FPV drones are especially useful here. They allow the pilot to “see” through the drone’s camera in real time, which is essential when maneuvering near buildings or through tight openings. Open-source flight controller platforms such as Betaflight are really attractive. They are flexible, modifiable, and easy to service. If the frame is damaged in a crash, most of the core components can be reused.
In truth, the specific drone model is less important than the pilot’s skill. Good piloting matters. Before we look at attacks, we need to understand how control can be improved and how it can be extended beyond visual range.
Control via 4G
Flying a drone among urban buildings introduces challenges like concrete and steel obstruct radio signals, limiting line-of-sight range. Even if your drone has a long-range radio system, once it disappears behind a building, control becomes unreliable. But what if you could control the drone over mobile networks instead? Modern 4G cellular networks now offer reliable data coverage even inside many urban structures. If we can use cellular data as a control channel, the drone’s reachable range becomes limited only by its battery life, not by line-of-sight. Today’s 4G networks can provide sufficient bandwidth for both control signals and video feeds. Although the latency and responsiveness are not as good as dedicated radio links, they are quite usable for piloting a drone in many scenarios. Considering that drones can reach speeds up to 200 km/h and have flight times measured in tens of minutes, an attacker theoretically could operate a drone more than 20 km away from the controller using 4G connectivity.
4G > Wi-Fi Gateway > Drone
The simplest way to use 4G connectivity is to bridge it to the drone’s Wi-Fi interface. Most consumer drones broadcast a Wi-Fi access point that a mobile phone connects to for control. Commands are sent over UDP packets, and video is streamed back as an RTSP feed. In this setup, the drone already acts like a networked device. If you attach a small computing device with a 4G modem, you could connect to it over a VPN from anywhere, and relay commands to the drone. But this approach has major drawbacks. The control protocol is often closed and proprietary, making it difficult to reverse-engineer and properly relay. Additionally, these protocols send frequent packets to maintain responsiveness, which would saturate your 4G channel and compete with video transmission.
4G > Video Gateway > Drone
A much cleaner alternative is to use a video gateway approach. Instead of trying to tunnel the drone’s native protocol over the cellular link, you attach a small smartphone to the drone and connect it to the drone’s Wi-Fi. The phone itself becomes a bridge. It controls the drone locally and receives video. From the remote operator’s perspective, you are simply remoting into the phone, much like remote controlling any computer. The phone’s screen shows the drone’s video feed, and the operator interacts with the virtual sticks via remote desktop software. The phone app already handles control packet encoding, so there’s no need to reverse-engineer proprietary protocols.
This clever hack solves multiple problems at once. The phone maintains a strong local Wi-Fi link to the drone, which is hard to jam at such short range. The operator sees a video feed that survives 4G network variations better than high-bandwidth native streams. And because the app handles stick input, the operator doesn’t need to worry about throttle, roll, pitch, or yaw encoding.
Connecting to the phone via AnyDesk
You can connect to the phone over 4G from any device using remote-access software like AnyDesk. With simple GUI automation tools, you can bind keyboard keys to virtual controller actions on the phone screen.
Here is the Bash script that will help with it. You can find the link to it here
This Bash script allows you to control virtual joysticks once you connect via AnyDesk to the phone. You will use the keyboard to simulate mouse actions. When launched, the script identifies the emulator window (using xwininfo, which requires you to click on the window once), calculates the centers of the left and right virtual sticks based on fixed offsets from the window’s corner, and then enters a loop waiting for single key presses.
For each key (A/B for throttle, W/S/A/D for pitch and roll, Q/E for yaw), the script uses xdotool to move the cursor to the virtual stick, simulate a short swipe in the desired direction, and release. This effectively mimics a touchscreen joystick movement. The script runs on Linux with X11 (Xorg), requires xdotool and x11-utils, and gives a simple keyboard-based alternative for drone control when a physical gamepad isn’t available. Although Kali Linux is not suitable here, many other distros such as Debian Stable, antiX, Devuan, Linux Mint, openSUSE, Zorin OS, or Peppermint OS work well. So while Kali is often the go-to for security work, there’s still a list of usable operating systems.
Telemetry data is also available to the remote operator.
Telemetry example
In the system we describe, another script monitors screen regions where telemetry values are displayed, uses OCR (optical character recognition) to extract numbers, and can then process them.
Here is another bash script that will help us with this. It will repeatedly screenshot a selected drone ground control window, crop out the battery and altitude display areas, use OCR to extract the numeric values, print them to the terminal, and speak a “low battery” warning if the percentage drops below 10%..
With control and telemetry automated, full 4G-based drone operation becomes extremely flexible. This method is easy to implement and immediately gives you both control and status feedback. However, it does introduce an extra link, which is the Wi-Fi phone. The phone’s Wi-Fi signal may interfere with the drone’s normal operation, and the drone must carry some extra weight (about 50 grams) for this setup. In Part 2, we will go further. We will move from 4G > Wi-Fi > Drone to 4G > UART > Drone, using a custom VPN and SIM. That means the phone disappears completely, and commands are sent directly to the flight controller and motor control hardware. This will give us more flexibility.
That brings us to the end of Part 1.
Summary
Drones are rapidly transforming from hobby toys into serious tools across warfare, policing, intelligence, and hacking. A drone can slip past fences, scale buildings, hover near windows, and quietly deliver wireless attack platforms into places humans cannot reach. It opens doors to an enormous spectrum of radio-based attacks, from Wi-Fi exploitation to Bluetooth hijacking and beyond. For attackers, it means unprecedented reach.
See you in Part 2 where we begin preparing the drone for real-world offensive operations
The Federal Aviation Administration has been working to update its aging air traffic control system, literally, for decades now. But 2026 is looking to be a big year on the FAA modernization front. The One Big Beautiful Bill Congress passed earlier this year puts more than $12 billion toward air traffic control modernization, and the FAA’s new administrator expects to obligate about half of that by the end of this fiscal year.
The agency is on an aggressive schedule to completely replace the air traffic control system within the next three years, and the billions of dollars in reconciliation funding targeted for expenditure in fiscal 2026 is meant to lay the foundation for that long-term plan. The agency says it is using the funds to modernize its telecommunications and air surveillance systems, including by replacing aging copper circuits with fiber optics.
“When we talk about modernizing telco, most people think about moving from copper to fiber, going from analog to digital. And that’s all true, but there’s another element of modernization that we aren’t doing today,” Bryan Bedford, the FAA’s administrator, told the Senate Commerce Committee this month. “The second round of funding that we’re asking for will be to re-architect how the fiber is laid. For example, Dallas-Fort Worth recently had a significant outage. There, the system theoretically was modernized, but the architecture of that system had not been modernized. So there’s really a two-step process here. There is still another step that has to happen to get from analog to digital, which will drive the resilience and our capabilities to increase bandwidth in our facilities.”
Bedford told lawmakers the telco modernization work is now about 35% complete, and that portion of the overall project should be finished by the third quarter of fiscal 2027.
New prime integrator
But to finish all the work the agency believes will fully modernize the system, officials say they’ll need another $20 billion on top of the $12.5 billion they refer to as a “down payment.” And to manage the overall project, the FAA earlier this month hired Peraton to serve as the prime integrator for the new system.
In order to meet that three-year target, Bedford said the agency built in specific incentives to reward performance and on-time delivery across 14 areas the FAA has identified as “critical needs.”
“We set up a series of needs packages that clearly articulate what the work streams are and the estimated timeline to completion,” he said. “Peraton’s profit is essentially broken into three different elements. There’s a fixed profit element of 3% and then there’s a variable element of 6%. The variable element is contingent upon completing the plan on budget and on time with our satisfaction, and we will hold back 3% of the potential profits for any potential damages that might happen for failure to comply with our work packages. So it’s a very strenuous agreement, and we have vigilant oversight on it.”
Unsustainable legacy systems
Meanwhile, the agency says it will also need additional funding to keep the current system up and running while the new one is being built. The Government Accountability Office has identified 105 individual components of the overall system that it’s deemed unsustainable as those subsystems, many of them decades old, continue to age.
And so, Bedford said, the $5 billion in annual “modernization” funding Congress is considering as part of the standard appropriations process is more about operating and sustaining those legacy systems than modernizing them.
“As you read many of these audit reports, you learn the same thing that I have, which is 80% of our infrastructure is considered obsolete and/or unsustainable,” he said. “So the vast majority of that $5 billion doesn’t actually go to build new brick and mortar. 85 to 90% of those funds actually go to repairing, painting or replacing elevators and HVAC systems and plumbing and roofs. Frankly, we’re putting lipstick on a pig. So you may think you’re buying brand new infrastructure with the $5 billion but what you’re buying is sustainment of the old system.”
The overall modernization project is broken down into five categories: communications, surveillance, automation, facilities, and broad updates across the state of Alaska.
Workforce concerns
Sen. Tammy Duckworth (D-Ill.), the ranking Democrat on the transportation subcommittee on aviation, space, and innovation, argued there needs to be one more: workforce.
“We must remember that the recent aviation safety crisis was driven by decades of the FAA pouring billions into unproven technologies and costly service contracts as it pursued, in vain, modernization projects with overly ambitious goals and constantly changing requirements,” she said. “These shiny objects lured the FAA into neglecting the health, capabilities and capacity of our system’s most important assets, its people. Under Presidents of both parties and across multiple Congresses, ATC shed critical expertise and experience. And between 2013 and 2023, the FAA only hired two thirds of the controllers that the FAA’s own staffing model called for. So today, we find ourselves short 3,500 air traffic controllers, while air travel rises to record highs and controllers are forced to regularly work 60 hour weeks because well over 90% of airports are understaffed. Placing the lives of our constituents in the hands of civil servants who are overworked and utterly exhausted was and remains unfair, unacceptable and ultimately dangerous.”
Bedford said the agency is taking workforce issues seriously under a separate initiative, called Flight Plan 2026. He said the FAA has plans to hire 8,900 new controllers between now and 2028.
But the recent government shutdown didn’t help matters. An estimated 500 people withdrew from the FAA’s controller training programs while they were waiting for the government to resume normal operations. And for controllers already on the job, staffing shortages caused an unprecedented number of safety-related air traffic slowdowns.
“Staffing triggers reached unprecedented levels, rising from mere single digits prior to the lapse to more than 80 in a single day,” Bedford said. “Applying the hard lessons we’ve learned from the DCA accident, the FAA safety team identified controller workload and system demand as emerging risk factors. And as a response to this increased risk, we temporarily reduced operations at 40 high traffic airports. The connection between controller workload, system demand and operational risk was unmistakable, and it reinforced the need for the FAA to act decisively when the data demanded it, and underscored the importance of stable controller funding.”
Find out what is wrong with your azalea It can be frustrating when a prized shrub starts flagging and you don’t know what is wrong with your azalea. There are…
WitnessAI Delivers Security for the AI Era In the AI era, innovation is moving fast. Unfortunately, this means that the risks associated with this movement are too. Malicious activities like...
Network Security Reimagined: How Portnox is Solving the NAC Nightmare Security professionals have long wrestled with network access control (NAC) solutions that promise more pain than protection. Traditional NAC deployments...
RedExt turns Chromium into a browser-based C2 agent, collect cookies, DOM, screenshots, clipboard, system data via a Flask server and Chrome extension.
Login
