Last month, a DoorDash driver in upstate New York delivered an item to a local house in Oswego—only to find the front door open and a man apparently unconscious or asleep on a couch in the front room. The man was also quite naked, with pants and underwear around his ankles, and he was fully visible from the porch.
The DoorDasher was a 23-year-old woman named Olivia Henderson, and she felt like the whole situation was some kind of creepy exploitation play. Was this guy purposely exposing himself to her? Was he even asleep? Should she have to endure the sight of random male genitalia just to make a few bucks?
She did not think so, and she decided to do something about it. Henderson filmed the man from outside the home, and she later posted the video on TikTok to shame him. Naturally, it went viral.
© TikTok
DEEP DIVE – It’s the opening act in a potential public health nightmare: a chicken dies on a farm, for no apparent reason; another perishes at a farm hundreds of miles away; it takes time for the farm owners to notice, more time for tests to be conducted and different anomalies connected, and before the diagnostics are complete, the damage is done – the first wave of a bird flu pandemic has broken.
Beyond natural outbreaks, there are also concerns involving deliberate acts: This week the Department of Justice charged three Chinese nationals with smuggling biological materials into the U.S.; and in June two Chinese researchers were charged with trying to smuggle a fungus into the U.S. that can devastate grain crops.
Some experts are imagining a world in which technology is harnessed to ensure that such biosecurity nightmares don’t happen – or are dealt with much faster and more effectively.
“What we're promoting is a system that can look at things more holistically and on a much larger scale,” Robert Norton, a professor of veterinary infectious diseases and coordinator of national security and defense projects at Auburn University, told The Cipher Brief. “The system is designed to fill gaps in biosurveillance, looking for disease outbreaks, whether they be naturally occurring or induced through bioterrorism.”
That proposed system has a name – BISR, for Biosurveillance Intelligence, Surveillance, and Reconnaissance – and its backers believe it would revolutionize the field of biosurveillance. The core concept is that sophisticated sensors and other tools used by the U.S. Intelligence Community (IC) can be leveraged to improve detection, and that artificial intelligence can be deployed to help fast-track diagnosis. The chicken-farm example is only one scenario; responses to a COVID-19-like outbreak or acts of bioterrorism would be improved as well.
Norton, Daniel Gerstein, a senior policy researcher at RAND, and Cris Young, professor at the College of Veterinary Medicine at Auburn, co-authored an article last year arguing that the creation of a BISR system was “a national security imperative at the crossroads of technology, public health, and intelligence.” The BISR, they wrote, “would be designed to address two mission-critical requirements for biosurveillance: rapid detection and predictive analysis.”
They have taken their plans to Capitol Hill – specifically, to the House Permanent Select Committee on Intelligence, where they say they have received “good reviews.” The Select Committee wouldn’t comment on the BISR proposal itself but in a statement to The Cipher Brief, a spokesperson said that “The Committee continues to explore various biosecurity initiatives and programs to ensure that the U.S. is postured sufficiently to combat and prevent any future biosecurity threats that could cause widespread harm.” The statement went on to say that the Committee is working with the Office of the Director of National Intelligence (ODNI) “to establish an Office of Intelligence within the U.S. Department of Agriculture to address threats to U.S. agriculture.”
The threats are clear, to agriculture and beyond. The U.S. remains vulnerable to biologically driven disruption – be it from another COVID-like pandemic, an outbreak of bird flu that reaches humans, or bioterrorism. Anxiety over the latter has grown as experts worry that AI may be used to create dangerous biological pathogens.
At last year’s Cipher Brief Threat Conference, Jennifer Ewbank, a former CIA Deputy Director for Digital Innovation, warned of “the application of AI in biological weapons by unsavory actors.” And a 2024 report from the Johns Hopkins Center for Health Security said that the same AI capabilities that might produce medical breakthroughs could – inadvertently or otherwise – lead to the creation of deadly pathogens. AI models may “accelerate or simplify the reintroduction of dangerous extinct viruses or dangerous viruses that only exist now within research labs,” the report found.
How prepared is the U.S. to counter such threats? And might a technology-driven “BISR” system revolutionize biosurveillance, as its backers contend?
Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.
How a “BISR” might work
The crux of the case for a BISR system is twofold: first, that an array of sophisticated data-gathering tools – drones, satellites, hyperspectral sensors and others – can be mobilized to track biosecurity anomalies; and that trained AI models would analyze the data that the system collected. The system’s architects envision a BISR “dashboard” that provides first responders and decision makers in government, the military and business near-real time insight and analysis.
It’s a high-tech effort to gather clues – a change in a community’s waste water, a spike in the sales of certain medications, even the breathing or social behavior of animals – and assess their meaning more rapidly than current systems allow.
“Our system is agnostic,” Norton said. “It doesn’t matter whether it’s a natural disease outbreak or a terrorism event, it’s looking for those changes and then being able to rapidly detect them and rapidly alert the individuals that are responsible.”
To expand on the chicken-farm scenario: at the moment, one animal’s death might lead a farm worker to call the company veterinarian, the veterinarian would take samples, the farm would look at the flock as a whole, and samples would be brought to laboratories for tests. Ultimately the case might go to a national lab to determine whether avian influenza or another condition was present.
Public health officials say the current system works – but can be slow. Advocates for the BISR system say it would at minimum improve the speed of response, gaining valuable time to determine not only whether a virus was present, but also how it might be circulating in the broader environment. Sensors in and around the poultry houses would track not only a dead chicken, but also the emissions and even behavioral anomalies within the flock – “pattern-of-life” behavior, as the experts say. Any anomaly would be flagged and the system “tipped off,” as Auburn’s Cris Young put it, to alert sensors on other farms.
“The sensors would tip and cue other sensors that would then take a larger look at the larger area or even a state,” Young told The Cipher Brief, “to determine if those signatures coming off of that one particular house that's affected are similar to things happening in other houses.”
Given the sheer volume of data generated by a BISR system, AI models would be used to rapidly assess the data – and check anomalies against specific pathogens.
BISR’s proponents say a similar approach could be taken with viruses among humans, providing more rapid early-warning mechanisms and analysis.
“Advances in sensor capabilities, coupled with the use of AI platforms, provide new capabilities that could be applied to the detection of biological events in the early stages of an outbreak,” the authors of the BISR article wrote. “The concept would provide new tools for early detection, response, mitigations, and ultimately, recovery from an outbreak.”
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
The tools of a BISR system
The system’s architects say most of its high-tech elements already exist – sensors in place on poultry farms or in public spaces, and various tools of ISR (intelligence, surveillance and reconnaissance) that are currently used across the IC. These might include multispectral and hyperspectral sensors, and many airborne assets – balloons, drones, aircraft and satellites – that have been used to detect concentrations of gases for national security purposes. The International Space Station, for instance, regularly uses hyperspectral imaging to map the earth’s surface, and the Department of Defense uses hyperspectral imaging for several purposes – including detection of chemical and biological hazards.
Norton cited the example of the IC’s use of satellite imagery to monitor concentrations of nitrate in Afghanistan – because high levels of nitrate often indicated the presence of bomb-making facilities. Nitrate is also a component found in animal waste – and so in the public health example, he said, satellite imagery could be used to monitor levels of nitrate and other compounds on a farm.
Ultimately, BISR’s proponents believe the system could also be used to monitor the volatilome (essentially, what humans and animals breathe out) of people at airports or stadiums or other crowded environments, and alert public health officials about anomalies in the data. Young described a scenario in which international arrivals at Atlanta’s Hartsfield Airport – the nation’s busiest – would be watched by hyperspectral sensors to detect anomalies in respiration.
“We might have sensors set up in multiple places as [people] disembark from their flight,” Young said. “There might be several places to take a different scan with multiple sensors, and we might be able to say with some certainty, this person is infected with let's say COVID, and this person is actually shedding the virus.”
The hope is that any anomaly – be it on a chicken farm or at a crowded airport – would tip the system to sweep up other relevant information: Have ER visits spiked in a community? Does social media from that community suggest related anomalies? And so forth. Ideally, a dangerous pathogen would be flagged and identified before it leads to a pandemic, or an act of bioterror would be detected at the earliest possible moment.
Michael Gates, CEO of GDX Development, a company that bills itself as “solving very complex national security challenges,” says he joined the BISR effort “from the technology side of the equation.” GDX has worked previously with the U.S. Special Operations Command. Gates says the key to BISR’s success will involve “sensor fusion” – the linking of a range of data-gathering mechanisms.
“If you think about the world of the Internet of Things, everything's a sensor, and there's not very many systems out there that have the ability to collect off of all of those sensors, bring that data payload in, and then push it into a single pane of glass that can be used for military operations, for intelligence sharing or more tactical things,” Gates told The Cipher Brief.
In the chicken farm example, Gates envisions “sensor fusion” ranging from a hyperspectral scan to “available drone assets” and ultimately “zeroing in down to sensors such as temperature, air purification, even cameras monitoring chicken behaviors.”
Once a problem has been identified, Gates said, “you can use open-source intelligence and other things to mine, let's say, a Reddit form for these things – is anybody talking on the internet about their chicken coops having issues? – and so on, for whatever the issue is.”
“There's already enough sensors out there,” he added. “The data is there. What's happening is that information's not being shared. It's not being centralized, meaning we're getting delayed responses...Nobody has a holistic picture right now on biosurveillance.”
In the early stages of a crisis, the BISR might do a lot of work before humans are engaged, though the Auburn professors stress that the system aims only to provide experts a head start, rather than cut them out of the proverbial “loop.”
“We support human-in-the-loop artificial intelligence systems,” Young said. “We want there to be a person that has to look at this screen at some point and say, okay, I understand what's going on here. Maybe that happens within minutes of an anomaly occurring, but regardless, at some point a person needs to decide, Yes, that's what this is, or No, we need further information.”
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
The challenges
Norton and Young say they have presented their plans to the House Select Committee and are prepared to do the same to the Defense Advanced Research Projects Agency (DARPA). They believe their system can be 80 percent complete in three years and fully functional in five. As for costs, they say the first two years would require a budget of $10 million, and that the system’s operating costs would eventually be $300 million annually. They argue that billions of dollars have been spent in the biosurveillance domain, and that the BISR would be a major upgrade over existing capabilities.
It may sound like a no-brainer – the smart use of technology to guard against myriad biosecurity threats – but questions abound about BISR and its future. And many of the hurdles to its implementation involve, in one way or another, the human element.
Just as the Intelligence Community has struggled at times to share information and assess national security risks, the government architecture in biosurveillance is complex and often siloed. A host of agencies share responsibility for the nation’s biosecurity – the Centers for Disease Control (CDC), the Health and Human Services Department (HHS), the National Institutes of Health (NIH), the Department of Homeland Security (DHS) and the Department of Agriculture (USDA), to name a few. Experts say they don’t always communicate effectively with one another – and that states don’t always share critical information effectively with the federal government.
Dr. Tom Inglesby, Director of the Johns Hopkins Center for Health Security, noted that in the most recent bird flu outbreak in the U.S., some states wanted to handle the information and response without involving the federal government.
“They weren't even very interested in USDA at times,” Inglesby told The Cipher Brief. “So they said, we'll handle this on our own and we'll let you know. Meanwhile, CDC has to wait for states to bring them the data and information. They don't have command authority to say you must deliver it. It's a voluntary basis.”
Norton says the BISR developers are hoping to partner with one “Mother Ship” agency within the IC – he wouldn’t say which one – because the IC controls the government’s most sophisticated satellites and other data-gathering systems. He also said that while the system involves high-tech elements and the building of the BISR “dashboard,” technology isn’t the primary hurdle.
“Biosurveillance is not a technology problem, but rather a permissions and authorities problem,” Norton said. That might involve permission to use a Pentagon satellite for biosecurity purposes, he said, or agreement from a major industrial farm to share its data or house sensors on its property.
Inglesby said that transparency and information-sharing would be critical for a BISR-like system to work – and that in the case of the chicken farm example, key stakeholders might be unwilling to cede control of the analytical process to a BISR “dashboard.”
“You have the farm owner who will want to make his or her own assessment, you have local government that may not want outsiders coming in and making a determination for them, and you might have unwillingness even at the federal level to do this,” Inglesby said. “You’re going to need an across-the-board buy-in that we haven’t always seen.”
There are also questions about technical implementation. In the Atlanta airport example, Norton acknowledged that even a highly sophisticated hyperspectral sensor wouldn’t be able to detect, say, COVID-19, unless passengers were directed to a discrete area close to the sensors – and here again, permissions would be needed to install such sensors. The post-COVID atmosphere has suggested less public appetite in the U.S. for intrusive screening, not more. The House Select Committee, in its statement to The Cipher Brief, included a reference to “ensuring any proposal balances privacy and the need to avoid the abuses of the COVID-19 period.”
Inglesby also stressed the importance of transparency on the global stage when it comes to public health crises. In the early days of the COVID-19 pandemic, China failed to share the detailed casework of its first 500 patients in the “ground-zero” city of Wuhan – and more than five years later, it still hasn’t done so.
“In Wuhan, the data was very available, there were a lot of people dying, but the data was covered up,” Inglesby said. “And so even if you had installed the most sophisticated systems, if they're being run by people who don't want to share that information, it's not going to change anything.”
Some early-warning biosurveillance systems are already in place, in the world of what’s known as “Syndromic Surveillance” – and experts say many have worked well.
The CDC’s BioSense platform gathers health-related data from hospitals and clinics to detect potential outbreaks or bioterrorism events. As a part of BioSense, "Sentinel Alerts" are generated when reports involve high-concern viruses or diseases. In the case of influenza (the human variant), alerts are triggered when more than 3 % of ER visits are for the flu. Globally, satellites have been used to track dengue fever outbreaks by measuring water levels in the jungle. And wastewater surveillance systems exist to check on levels of bacteria or viruses.
A less positive precedent is the BioWatch program, which was created by DHS in 2001 and billed as "the nation's first early warning network of sensors to detect biological attack." The system tracks the air supply using Environmental Protection Agency air filters, and sends information to the CDC and – if warranted, to the FBI. The system has been blamed for generating dozens of false positives, and in an audit reported by the Associated Press in 2021, BioWatch was said to have failed in detecting known threats.
Norton told The Cipher Brief that today’s technologies are sophisticated enough to ensure that BISR would operate at a higher level than BioWatch. He added that rigorous standards in the AI models would “prevent AI hallucinations” that could cause false positives – or worse, false negatives.
And Inglesby was quick to note that any improvements in early warning and diagnostics would be welcome.
“There is no single system in the country, and people have been talking about building stronger biosurveillance for a long time,” he said. “Anything you can get done in this space would be super-valuable, assuming the costs aren’t prohibitive and you get the buy-in to use this information wisely.”
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
Bitcoin Magazine
Tether Is Buying Bitcoin’s Revolution, How Devastating Will The Consequences Be?
When the GENIUS Act became law on 18 July 2025, the crypto industry celebrated it as the end of regulatory uncertainty. The Act requires licensed stablecoin issuers to hold liquid reserves such as cash and U.S. Treasuries, publish monthly disclosures, and submit to federal or state supervision. At the same time, Congress shelved a federal central bank digital currency.
Supporters saw this as a victory for innovation, but critics called it a quiet federalization of private money. The United States no longer needs to issue its own digital dollar. It has simply delegated that function to private issuers operating under oversight. For Bitcoiners, whose movement was built around sound, decentralised money, that shift should have triggered alarm bells.
The biggest beneficiary of this new framework is Tether Limited, whose USDT token dominates global stablecoin supply. In its Q2 2025 attestation, Tether Limited reported a net profit of approximately $4.9 billion and total exposure to U.S. Treasuries exceeding $127 billion. Treasury bills and reverse repo holdings. Its balance sheet showed nearly $120 billion in Treasuries, making Tether one of the world’s largest private holders of U.S. government debt.
Custody of those assets rests with Cantor Fitzgerald, the Wall Street firm led by Howard Lutnick. Lutnick has publicly defended the soundness of Tether’s reserves, confirming Cantor’s role as custodian while emphasizing that it holds no equity stake in the company.
The connection is now more delicate: Lutnick was later nominated for a senior White House economic position overseeing elements of trade and financial regulation. That appointment places a federal policymaker in proximity to one of the largest private holders of U.S. government debt and the key custodian for a company whose dollar backed token depends on the U.S. Treasuries for profit. The optics are uncomfortable. What began as a business relationship now blurs into a potential conflict of interest, embedding Tether in Wall Street’s plumbing and within the political apparatus that governs it.
In effect, Tether has become a private central bank: issuing dollar liabilities, earning seigniorage, and distributing liquidity through the crypto economy, all while piggy backing on U.S. sovereign debt. Its profit per employee rivals the most profitable institutions in finance.
Stablecoins promise fast, borderless payments; however, their architecture depends on compliance. Since December 2023, Tether has maintained a proactive wallet-freezing policy for addresses sanctioned by the U.S. Office of Foreign Assets Control. The company says it has frozen billions in tokens linked to illicit activity and now works directly with the U.S. Secret Service and FBI.
This is not inherently sinister, it’s what regulators demand, but it means enforcement now operates within the money itself. The control lever no longer sits solely with banks, it resides in the smart contract of the token issuer.
As Tether expands USDT onto Bitcoin adjacent networks such as Liquid and the RGB protocol, the same compliance logic will travel with it. The more Bitcoin infrastructure hosts these tokens, the more identity, KYC, and whitelisting mechanisms will appear around Bitcoin wallets and payment channels. The network that once prided itself on neutrality risks becoming a conduit for surveillance grade rails.
The GENIUS Act’s passage also realigned the politics of digital currency. Its sponsors framed it as an anti-CBDC measure, arguing that private stablecoins preserve choice and limit government power. However, the result is nearly identical to what a central bank digital currency would achieve: programmable, trackable dollars, only administered by corporations instead of the Fed. Some analysts have called this the birth of a “CBDC by proxy.”
The policy also meshes neatly with fiscal priorities. Every USDT minted represents demand for short dated Treasuries, effectively financing the same government that stablecoin advocates claim to bypass. Tether’s profits flow from the interest rate paid on those securities, an invisible subsidy from public debt to private issuers.
By situating stablecoins within the traditional bond market, the U.S. has created a dollar based feedback loop: bitcoin demand supports Treasury issuance, and Treasury yields support bitcoin profitability. In that loop, decentralization is incidental.
Within the Bitcoin community, opposition to altcoins remains strong, but sponsorships, event partnerships, and integrations show how quickly principle bends toward funding. Bitcoin conferences increasingly feature Tether executives and supporters on stage, often framed as “bridges” to adoption.
A familiar refrain has emerged among those bitcoiners who take money from Tether, ‘if stablecoins are inevitable, it’s better they be run by Bitcoiners’. Another popular defence is that Tether provides a lifeline for people in countries locked out of the dollar system or suffering from hyperinflation and collapsing economies. This is an emotionally persuasive narrative. These convenient mantras turn compromise into virtue, allowing Bitcoiners to take sponsorships and funding from the same system they once swore to oppose.
That logic may offer comfort to some, but erodes clarity. USDT on Bitcoin does not make Bitcoin more sovereign; it makes the dollar more omnipresent. When Bitcoin developers or advocates align with Tether for sponsorship or exposure, they lend moral legitimacy to a system that thrives on fiat’s dominance. The irony is that Bitcoin’s fiercest defenders are now helping entrench the very structure it was built to escape.
Tether’s scale gives it power in markets and in messaging. With billions in annual profits and deep links to Wall Street custodians, it can sponsor conferences, fund research, and influence narratives across the digital asset world. Its executives appear frequently at policy forums to present stablecoins as allies of innovation and freedom. Each appearance helps normalise the idea that regulated, dollar denominated tokens represent progress for Bitcoin.
But the money tells a different story. Each stablecoin transaction that settles in USDT extends the dollar system’s reach and perpetuates the weaponization of money. Every layer of compliance embeds surveillance deeper into the blockchain economy. And every Bitcoiner who accepts that trade off helps build a network where decentralization endures mostly as branding.
Bitcoin doesn’t need a conspiracy against it; it only needs its followers to forget what made it different. The GENIUS Act, the rise of Tether, and the regulatory preference for private rails all point to a future where digital cash exists, but never without permission. The Trojan horse is not Tether, it’s the belief that working with it preserves freedom.
In the end, too many Bitcoiners remain exactly where Tether wants them, still tethered to the system they are trying to escape.
This is a guest post by Plain Memo. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
This post Tether Is Buying Bitcoin’s Revolution, How Devastating Will The Consequences Be? first appeared on Bitcoin Magazine and is written by Plain Memo.
Welcome back, my aspiring cyberwarriors!
Every few minutes an airplane may fly over your head, maybe more than one. If you live close to an airport, the air traffic in your area is especially heavy. Services like Flightradar24 show information about aircraft in the air with surprising accuracy because they get data using the ADS-B protocol. You can collect that data yourself, and here we will show how.
Of course, everyone has flown on a plane or at least seen one. These large metal birds circle the globe and carry hundreds of millions of people to different parts of the world. That wasn’t always the case. Just 100 years ago people mostly moved by land and there were no highly reliable flying machines. After planes were invented and commercial flights began, it became clear that we needed a way to track aircraft in the sky, otherwise accidents would be unavoidable. Radar and visual observation are not enough for this, so radio communication came into use. Now every aircraft has an aviation transponder on board. It makes life much easier for dispatchers and pilots, as the aircraft sends data from onboard sensors and receives instructions from the ground while in flight.
Put simply, an aviation transponder is a two-way radio device that does two things:
1. Answers queries from ground stations: when an air traffic controller requests data, the transponder replies automatically. A query for data is also called interrogation.
2. Acts as an airborne radio beacon: in this mode the transponder periodically broadcasts information about itself, for example position or speed.
There are different generations or modes of transponders. Each was created for different purposes and has its own signal structure. Although newer modes keep the features of the older ones, the signal protocols are not mutually compatible. There are five main modes:
1. Mode A: transmits only the aircraft’s identification code. This code can be hard-programmed into the transponder or assigned by the dispatcher before flight. In practice Mode A was mostly used to track which aircraft was at which airport.
2. Mode C: developed later, it allowed tracking not only the aircraft ID but also flight altitude. Its main advantage was that altitude could be obtained automatically without asking the pilot.
3. Mode S: this is the modern mode used on about 99% of all aircraft today. It allows not only reading sensor data from the aircraft but also sending data back to the plane. In Mode S an aircraft has full two-way communication with ground stations. ADS-B, which we will look at today, is part of this mode.
4. Mode 4 and Mode 5: these are more advanced but used only by the military. Both are much better protected (that is, they have some security, unlike the older modes), so they are not something we can play with.
A careful reader will notice we did not include Mode B or Mode D in the list. Both existed only briefly, so it makes little sense to discuss them here.
If you read the description of Mode S closely, you’ll notice that Mode S messages are normally sent by the transponder in response to a ground station query. All of them except ADS-B. ADS-B stands for Automatic Dependent Surveillance Broadcast. In plain English that means it is an automatic flight-tracking system. The word “Broadcast” means the messages are sent out to everyone, not to a specific recipient, and that lets us receive them.
Many people treat ADS-B as a separate transponder mode on the same level as Mode A, C, or S, but actually ADS-B is just a part of Mode S. An ADS-B message is simply a Mode S message with type 17.
We will focus on ADS-B (type 17) in this article, but it helps to know about other Mode S message types for context:
All-call reply (type 11): the transponder replies to a ground interrogation with a unique 24-bit identifier. This number is usually programmed at the factory and does not change, although in military contexts it may be altered.
ACAS short and long replies (type 0/16): messages used by collision-avoidance systems. If a transponder detects another aircraft nearby it will send alerts to other systems that can prevent a mid-air collision.
Altitude and identity replies (type 4/5): messages containing altitude and the call sign (the so-called squawk code that the pilot enters before flight).
Comm-B (type 20/21): messages with readings from onboard sensors, planned route, and other data useful for aircraft control.
ACAS is especially clever in how it works, but discussing it in detail would take us beyond this article.
All Mode S transmissions to aircraft use 1030 MHz (uplink), and transmissions from aircraft to the ground use 1090 MHz.
The radio transmission itself is not encrypted. It carries a lot of useful information about the aircraft’s position, altitude, speed, and other parameters. That is how services like Flightradar24 started making aircraft information available to everyone for free. These services collect data from many sensors installed by volunteers around the world. You can become one of those volunteers too. All you need is to sign up and get a receiver from a service operator for installation.
ADS-B signals are transmitted by aircraft on 1090 MHz, just like the other Mode S signals. The other frequency, 1030 MHz (uplink), is not needed for ADS-B because ADS-B transmissions are sent without being asked.
Pulse-Position Modulation (PPM) is used to encode the signal. In basic terms, the transmitter sends bits over the air that can be read by sampling the signal every N microseconds. On ADS-B each bit lasts 0.5 microseconds, so you can sample every 0.5 μs, see whether the signal level is high or low at each moment, record that, then convert the result into bytes to reconstruct the original message. That’s the theory, in practice it’s more challenging.
If you take the raw sampled data you first get a bit of a mess that must be parsed to extract useful information. The messages themselves have a clear structure, so if you can find repeated parts in the data stream you can reconstruct the whole packet. A packet consists of a preamble and the data payload. The preamble lasts 8 μs, and then the data follows for either 56 or 112 μs.
The preamble is especially important because all aircraft transmit on the same frequency and their signals can arrive at the receiver at the same time. Loss of overlapping signals is handled simply: if a receiver fails to catch a message, some other receiver will. There are many receivers and they cover all inhabited land on Earth, so if a particular signal is too weak for one receiver it will be loud enough for another. This approach doesn’t guarantee every single signal will be caught, but ADS-B messages are transmitted repeatedly, so losing some packets is not a disaster.
We already said each bit is encoded as 0.5 μs, but to make reception easier a convention was introduced where one real bit is encoded using two half-microsecond elements. A logical one is encoded as “1 then 0”, and a logical zero as “0 then 1”. For example, data bits 1011 would be transmitted as 10011010. This does not complicate the receiver much, but it protects against noise and makes the signal more reliable. Without this doubling, a sequence of zeros would look like silence. With it the receiver always detects activity, even when zeros are sent.
Suppose we decoded the signal and found a message. Now we need to decode the payload and filter out unwanted messages (that is, all Mode S messages except ADS-B).
The ADS-B message length we care about is 112 μs, which corresponds to 112 bits (thanks to the two-half-microsecond coding!). The message divides into five main blocks:
1. DF (Downlink Format) – the format code, 5 bits. For ADS-B this is always 17.
2. CA (Transponder capability) – type of transponder and its capability level, 3 bits. This tells a controller what data can be requested from this transponder. This field can be 0, 4, 5, or 6. Values 1–3 and 7 are reserved for future use. 0 means a first-level transponder, usually without ACAS. 4 means a second-level (or higher) transponder that can send altitude (i.e., supports Mode C and Mode S) but does not have ACAS. 5 and 6 are like 4 but with ACAS support: 6 indicates ACAS may be enabled, 5 indicates ACAS may be present but disabled.
3. ICAO — unique aircraft number, 24 bits. This number identifies the signal sender. It is typically programmed once at the factory and does not change during operation, although some people know how to change it. Military transponders follow different rules, so anything can happen there.
4. ME (Message) – the actual payload with data about altitude, speed, or other information. Length is 56 bits. We will look at this block in detail below.
5. PI (Parity/Interrogator ID) – checksum, 24 bits.
The ME field is the most interesting part for us because it carries coordinates, speed, altitude, and other data from onboard sensors. Since 56 bits are not enough to carry all possible data at once, each message has a type indicated by the first five bits of ME. In other words, there is a nested format: Mode S uses a certain message type to indicate ADS-B, and ADS-B uses its own internal type to say what data is inside.
ADS-B defines 31 data types in total, but we will review only the main ones.
Type 1-4: identification messages. They contain the call sign and other registration/identification information (for example, whether this is a light aircraft or a heavy one). These call signs are shown on airport displays and usually reflect the flight number. A decoded message looks approximately like this:
Type 5-8: ground position. These messages are used to know where and on which runway the aircraft is located. The message may include latitude, longitude, speed, and heading. Example decoded message:
Type 9-19: airborne position (usually transmitted together with altitude). It is important to understand that you will not always find latitude and longitude in the usual long numeric form in these messages, instead a compact notation is used.
Type 19: aircraft velocity.
We could go bit-by-bit through the structure of each message, but that takes a long time. If you are really interested you can find ready ADS-B parsers on GitHub and inspect the formats there. For our purpose, however, diving deeper into the protocol’s details isn’t necessary right now, because we are not going to transmit anything yet.
To describe a location, we usually use latitude and longitude. A 32-bit floating number can store them with about seven decimal places, which is accurate down to a few centimeters. If we don’t need that much detail and are fine with accuracy of just tens of centimeters, both latitude and longitude together could be stored in about 56 bits. That would have been enough, and there would be no need for special “compressed” coordinate tricks. Since an airplane moves at more than 100 meters per second, centimeter-level accuracy is useless anyway. This makes it strange why the protocol designers still chose the compact method.
CPR (Compact Position Reporting) is designed specifically to send coordinates compactly. Part of CPR was already visible in the coordinate example earlier. Because it’s impossible to compress a lot of data into a small field without loss, the designers split the data into parts and send them in two passes with packets labeled “even” and “odd”. How do we recover normal coordinates from this? We will show the idea.
Imagine all aircraft flying in a 2D plane. Divide that plane into two different grids and call them the even grid and the odd grid. Make the even grid 4×4 and the odd grid 5×5. Suppose we want to transmit a position that in a 16×16 grid is at (9, 7). If we had one grid we would just send 9 and 7 and an operator could locate us on the map. In CPR there are two grids, though.
In these grids we would represent our position (9, 7) as (1, 3) on the even grid and (4, 2) on the odd grid. When an operator receives both messages, they must align the two grids.
If you overlay the grids with the received coordinates, the point of intersection is the true location.
We described the algorithm without math so you can imagine how coordinates are reconstructed from two parts. The real grids are far more complex than our toy example and look like the image below.
Now that we understand the main parts of the protocol, we can try to receive a real signal. To receive any such signal you need three basic things: an antenna, a receiver, and a PC.
Start with the most important item, which is the antenna. The choice depends on many factors, including frequency, directionality of the signal, and the environment where it travels. Our signal is transmitted at 1090 MHz, and we will receive it outdoors. The simplest antenna (but not the most efficient) is a straight rod (a monopole). You can make such an antenna from a piece of wire. The main thing is to calculate the right length. Antenna length depends on the wavelength of the signal you want to receive. Wavelength is the distance between two neighboring “peaks” of the wave.
Lambda (λ) is the wavelength. You get it from frequency with the formula λ = C / f, where C is the speed of light and f is the signal frequency. For 1090 MHz it is about 27.5 cm. If you take a metal rod of that length you get a full-wave antenna, which you can safely shorten by half or by four to get a half-wave or quarter-wave antenna, respectively. These different designs have different sensitivity, so I recommend a half-wave antenna, which should be roughly 13.75 cm long.
We won’t build our own antenna here. It is not the simplest task and we already had a suitable antenna. You might use radio handheld antennas if you receive outdoors and there isn’t too much interference. We use a simple vertical coil-loaded whip antenna. It behaves like a whip but is shorter because of the coil.
You can measure antenna characteristics with a special vector network analyzer that generates different frequencies and checks how the antenna reacts.
The output from NanoVNA looks complicated at first, but it’s simple to interpret. To know if an antenna suits a particular frequency, look at the yellow SWR line. SWR stands for standing wave ratio. This shows what part of the signal the antenna radiates into the air and what part returns. The less signal that returns, the better the antenna works at that frequency. On the device we set marker 1 to 1090 MHz and SWR there was 1.73, which is quite good. Typically an antenna is considered good if SWR is about 1 (and not more than 2).
For the receiver we will use an SDR dongle. It’s basically a radio controlled by software rather than a mechanical dial like old receivers. Any SDR adapter will work for ADS-B reception, from the cheap RTL-SDR to expensive devices like BladeRF. Cheap options start around $30, so anyone can get involved. We will use a BladeRF micro, as it supports a wide frequency range and a high sampling rate.
Once you have an antenna and an SDR, find a place with few obstructions and low interference. We simply drove about ten kilometers out of town. Signals near 1 GHz (which includes ADS-B) don’t travel much past the horizon, so if you don’t live near an airport and there are obstacles around you may not catch anything.
To inspect the radio spectrum we use GQRX. This program is available for Linux and macOS. On Windows we recommend SDR#. In Ubuntu GQRX can be installed from the standard repositories:
bash$ > sudo apt update
bash$ > sudo apt install -y gqrx
Then increase the volume, select your SDR as the input source, and press the large Start button. If everything is set up correctly, your speakers will start hissing loudly enough to make you jump, after which you can mute the sound with the Mute button in the lower right corner.
You can choose the receive frequency at the top of the screen, so set it to 1.090.000, which equals 1090 MHz. After that you will see something like the screenshot below.
The short vertical strips near the center are ADS-B signals, which stand out from the background noise. If you don’t see them, try changing the gain settings on the Input Controls tab on the right. If that does not help, open FFT Settings and adjust the Plot and WF parameters. You can also try rotating the antenna or placing it in different orientations.
When you get stable reception in GQRX you can move to the next step.
In practice, people who want to receive and decode Mode S signals usually use an existing program. A common open-source tool demodulates and decodes almost all Mode S signals and even outputs them in a neat table. To verify that our setup works correctly, it’s best to start with something that’s known to work, which is dump1090.
To install it, clone the repository from GitHub and build the binary. It’s very simple:
bash$ > git clone https://github.com/antirez/dump1090
bash$ > cd dump1090
bash$ > make
After that you should have the binary. If you have an RTL-SDR you can use dump1090 directly with it, but we have a BladeRF which requires a bit more work for support.
First, install the driver for your SDR. Drivers are available in the repositories of most distributions, just search for them. Second, you will need to flash special firmware onto the SDR. For BladeRF those firmware files are available on the Nuand website. Choose the file that matches your BladeRF version.
Next, download and build the decoding program for your SDR:
git clone https://github.com/Nuand/bladeRF-adsb
cd bladeRF-adsb/bladeRF_adsb
make
Then flash the firmware into the BladeRF. You can do this with the bladerf-cli package:
bash$ > bladeRF-cli -l ~/Downloads/adsbxA4.rbf
Now run dump1090 in one terminal and bladeRF-adsb in another (the commands below are examples from our setup):
bash$ > ~/Soft/dump1090/dump1090 --raw --device-type bladerf --bladerf-fpga ' '
bash$ > ~/Soft/Blade/bladeRF-adsb
If everything is correct, in the dump1090 window you will see many hexadecimal lines, those are Mode S messages that still need to be decoded and filtered.
If you remove --raw from the dump1090 startup arguments, the program will automatically decode messages and display them in a table.
Now you’ve seen how aircraft transponders work, what ADS-B actually is, and how signals at 1090 MHz can be received and decoded with simple equipment. None of this requires expensive tools, just an antenna, a software-defined radio and some patience. Once it’s ready, you can watch the same kind of live flight data that powers big services like Flightradar24. We kept the heavy math out of the way so it stays approachable for everyone, but still leaves you with something useful to take away. It’s possible to push yourself further and do it the hard way without relying on tools like dump1090, but that path takes a lot more time, patience, and willingness to grind through the details.
The post SDR (Signals Intelligence) for Hackers: Capturing Aircraft Signals first appeared on Hackers Arise.
Login