The US telecommunications regulator FCC has issued an urgent warning to broadcasters following a series of cyber incidents in which attackers managed to take over broadcasts via vulnerable studio transmitter links.
The Public Safety and Homeland Security Bureau reports that malicious actors gained unauthorized access to inadequately secured Barix audio equipment, thereby taking control of the audio stream sent from the studio to the transmitter.
According to Reuters, there have been several cases in Texas and Virginia, among other places, where radio streams were temporarily hijacked and offensive material was broadcast. In some cases, the Attention Signal of the US Emergency Alert System was also misused, a warning sound that precedes official announcements about tornadoes, hurricanes, earthquakes, and other emergencies. The FCC confirms that attackers were able to reconfigure the devices so that they no longer transmitted the regular program stream, but instead transmitted an audio source controlled by the attackers.
The problem seems to lie mainly with Barix devices that are connected to the internet without adequate security measures. Devices were often found to have default passwords or were open to external access without filtering. Once inside, attackers could easily change the audio stream or inject Emergency Alert System tones. The FCC emphasizes that broadcasting actual or simulated EAS signals without authorization is a serious violation, as these signals are intended for official emergency communications.
Correct configuration is important
Broadcasters are strongly advised to install software updates and firmware patches immediately, replace default passwords with strong alternatives, and place their equipment behind firewalls. The FCC also requests active monitoring of log files to detect unauthorized access more quickly. In addition, the agency points to existing security guidelines from the Communications Security, Reliability and Interoperability Council from 2014, which are still relevant for securing broadcast systems.
Reuters reports that Barix did not respond to a request for comment. Barix refers to an earlier 2016 statement in which the company said the equipment can be used safely when correctly configured and protected with strong passwords. However, according to the FCC, the new incidents show that many systems are still insufficiently protected against modern cyber threats.
The regulator is calling on affected or suspicious radio stations to contact their equipment supplier or a specialized cybersecurity company. Incidents should also be reported to the FCC Operations Center and the FBI’s Internet Crime Complaint Center to better determine the extent of the cyberattacks.