Quick disclaimer: I'm still learning this stuff. This comes out of a small personal project where I'm trying to secure the link between a hobby drone and its ground station. Everything below was tested in simulation (ArduPilot SITL) and a little on real hardware, on a very modest setup — so please take my own results with a grain of salt.
Context: a protocol everywhere, secured nowhere
If you build an open-source drone today, chances are it speaks MAVLink — the communication protocol between the drone and its ground control station (GCS), used by ArduPilot and PX4, running on millions of devices.
The catch: MAVLink was designed for one thing — performance. Compact packets, low latency, long range. Security wasn't part of the original spec, and it shows.
MAVLink in 30 seconds







