FCC Warns Hackers Exploit Insecure ‘Barix’ Radio Transmission Equipment to Broadcast Inappropriate Material
Published
Key Takeaways
- FCC alert: The FCC has issued a public notice about recent cyber intrusions targeting U.S. radio broadcasters.
- Attack method: Hackers are compromising improperly secured Barix network audio equipment to broadcast unauthorized content.
- Illicit broadcasts: The hijacked streams include fake EAS tones, obscene language, and other inappropriate material.
The Federal Communications Commission (FCC) has issued a warning to U.S. radio broadcasters following a series of cyberattacks that resulted in the transmission of fake emergency alerts and offensive content, as threat actors exploit improperly secured radio transmission equipment to hijack radio transmissions.
Barix Equipment Identified in FCC Emergency Alert Warning
These recent hacks were caused by a compromised studio-transmitter link (STL), the broadcast equipment that carries program content from the studio to remote transmitters, the FCC said. The FCC's investigation has pinpointed equipment made by the Swiss company Barix as the target of these intrusions.
According to the public notice, compromised devices are being reconfigured to stream attacker-controlled audio instead of the station's legitimate programming, causing significant disruption and public confusion.
“Threat actors often accessed improperly secured Barix equipment and reconfigured it to receive attacker-controlled audio in lieu of station programming,” according to the notice.
Attackers are gaining control of these devices and using them to broadcast a simulated Emergency Alert System (EAS) "Attention Signal" followed by their own audio. Recent incidents in Texas and Virginia have seen these hijacked streams used to broadcast bigoted and obscene language, Reuters has reported.
The Barix equipment hack appears to be enabled by weak security configurations, such as the use of default passwords, which provide an easy entry point for unauthorized access.
Broadcasters Urged to Implement Security Measures
In its FCC emergency alert warning, the agency has strongly urged broadcasters to take immediate action to secure their systems. Recommended security precautions include:
- changing default passwords on all equipment,
- ensuring that devices are not exposed to the public internet unless necessary,
- regularly installing software and firmware updates.
This is not the first time Barix devices have been involved in such incidents. Following a similar spate of hijackings in 2016, Barix stated its devices are secure when configured correctly and protected with strong passwords, placing the responsibility on users to implement basic security hygiene to prevent these fake emergency broadcasts.
In October, hackers breached airport PA systems in Canada and the U.S. to broadcast political and anti-Israel messages. Earlier this year, over 4 million VPN servers and home routers were exposed to hijacking due to tunneling protocol issues.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular