The Federal Communications Commission (FCC) on Tuesday issued a warning to television and radio broadcasters urging them to increase their cybersecurity awareness and practices following a string of incidents involving equipment used for emergency alerts and radio transmissions.
The warning came several days after two radio stations — one in Richmond, the other in Houston — were victimized by unknown cyberattackers who hijacked equipment used by both broadcasters and began airing offensive messages.
In one case, the hijackers aired fictitious Emergency Alert System (EAS) tones followed by a racist country music song, according to Radio Insight.
In a public notice issued on Tuesday, the FCC said improperly-secured equipment manufactured by Barix was likely to blame in those cases and others. Attackers were able to access Barix equipment to hijack a link between the radio station’s main studio and its field broadcast equipment, including transmission equipment used for a live football game.
Barix has not commented on the matter. Its equipment is primarily used to deliver raw audio transmissions over the Internet. The equipment ships with a default username and password, which is publicly available; in the instances involving signal hijackings, it appears the radio stations in question did not change the default password and weren’t proactive with security patches issued by Barix over time.
The FCC said radio stations should tighten passwords used to access Barix equipment and regularly change them to ensure malicious actors can’t access equipment. The agency also said radio stations should install Barix and emergency alerting equipment behind firewalls, ensure security patches are uploaded on a regular basis, and continuously monitor and audit emergency messaging equipment.
The full FCC notice is available to view by clicking or tapping here.
