Over the past several weeks, stories of Barix device
hijacking have popped up from around the country. Most recently, hackers have been taking over the signals of radio stations, substituting regular programming with a recorded loop of an “obscene anti-Donald Trump song.”
Radio Insight has been reporting many of these recent hacks.
In April 2016, MAB News Briefs reported on the initial hacking of Barix STL devices by unknown person(s). The advice given then and still holding true today is to change the default passwords on any Barix streaming devices that may be in use by a station. Read our original article here.
On February 4, the Society of Broadcast Engineers (SBE) issued the following advisory at the request of the FCC:
The SBE is sharing the following message with our members at the request of the FCC.
The Federal Communications Commission is requesting your assistance in disseminating the information below to your organization’s members.
It has come to our attention that unauthorized persons recently may have illegally gained access to certain audio streaming devices used by broadcasters and may have transmitted potentially offensive or indecent material to the public. We believe that the reported cases involved unauthorized access to equipment manufactured by Barix, which some licensed broadcasters use for studio-to transmitter (STL), remote broadcast (remote) and similar audio connections. We understand that the unauthorized access to the devices may be due, in part, to instances where the licensee fails to set a password for devices with no default password, or to re-set default passwords on the Barix device.
We urge licensees to take all available precautions to prevent future unauthorized transmissions. In many cases, there may be simple, practical solutions to prevent such situations from occurring. For example, we strongly encourage licensees that use Barix devices, as well as other transmitting equipment, to check and, if necessary, add a password, or reset existing passwords with new, robust passwords. Similarly, if a broadcast station experiences turnover in staff who had access to passwords, we encourage licensees to reset the password to ensure future security.
We also recommend that broadcasters investigate whether additional data security measures, such as firewalls or VPNs configured to prevent remote management access from other than authorized devices, in some cases, could be implemented to preserve this potentially critical part of the broadcast transmission chain.
If you suspect that broadcast equipment has been subject to attempts at unauthorized access, we also recommend that you contact the equipment manufacturer and/or a data security firm. We also suggest that you notify the FCC Operations Center at 202-418-1122 or FCCOPCenter@fcc.gov of suspected unlawful access.
If you have any questions, please contact Lark Hadley, the regional director for the Enforcement Bureau’s Region Three via WR-Response@fcc.gov.