You may have read that an Indiana broadcaster’s EAS system was recently hacked, triggering multiple EAS alerts on linked stations and warning of a “zombie invasion.” The station group has been in touch with federal authorities and equipment suppliers to diagnose exactly what happened.
“Last week’s attack is all the reminder a station owner, general manager, and engineering staff need to conduct an immediate assessment of your station’s firewall and password management process. A vulnerable firewall led to the intrusion into this station’s system, and I strongly recommend that station personnel review the cybersecurity precautions needed to keep our broadcast facilities safe from attack,” said Indiana Broadcasters Association (IBA) State EAS Committee Chair Dan Mettler of iHeartMedia.
In an effort to avoid a similar issue at your station(s), it is highly recommended that you confirm changing EAS hardware from the default password and confirm EAS hardware is on a secure firewall that is setup without the default password or default IP address.
In the Indiana situation, apparently (as the result of a power outage a few weeks prior), the station’s firewall defaulted to an out-of-box condition that was eventually hacked after it was pinged repeatedly by an unknown person or persons. The hacker was able to crack into the stations’ SAGE EAS encoder and hijack the broadcast airwaves from linked stations for several minutes. The FCC, the FBI, and state Department of Homeland Security have all been involved. The vendor, SAGE, has sent new equipment to the station and encoder that was compromised is being evaluated by the company.
The MAB has reminded broadcasters to change default passwords on any equipment in the past, citing issues with Barix streaming devices.
Keeping broadcast facilities and listeners safe should be a high priority and Michigan broadcasters should be certain that they are not only prepared for an emergency, but also carefully following security precautions.
Update: Another hacking incident occured last week in Philadelphia where a radio station’s RDS was hijacked, displaying a anti-Trump message, including an expletive.