Although the dust may have settled, there are lessons to be learned from the most recent audio stream hacking incident.
Law enforcement and the Federal Communications Commission have vowed to investigate the April 5 incident, in which IP routers at several stations were improperly accessed and used to broadcast an explicit podcast for several hours.
In the meantime, broadcasters can take steps to harden their equipment against such attacks.
The hacks affected the audio streams of a radio station in Texas, two radio stations in Colorado, and a national syndicator. Audio was commandeered through unauthorized access of a Barix Streaming Client, an HTTP-based streaming software option that runs on Barix hardware, the company said. An explicit podcast from a group called FurCast was transmitted for several hours.
When contacted by Radio World, Barix Chairman Johannes Rietschel said that devices hacked either had a very weak password or no password at all.
Barix advises stations start by setting unique, complicated passwords and then by establishing a virtual private network to protect station equipment. Devices should be secured behind firewalls and not openly connected to the Internet, the company said, adding that Barix devices with STL firmware or a cloud service in place would be very difficult to hijack and then reconfigure to play a podcast stream.
According to Rietschel, the culprits that took over the equipment set strong passwords of their own to retain control of the device. To regain access in a situation like this, stations must complete a physical factory reset on a unit. Afterward, the devices should be reconfigured and a strong password should be set to secure the unit.
The company also advised use of services that can be used to further establish secure network connections for audio over IP transport (Barix offers an option through the streaming company StreamGuys).
“According to our research there are thousands of Barix devices (and devices of practically all competitors as well) exposing their web configuration to the public internet,” Rietschel said. “Many of them are not password-protected or use default passwords. This clearly is an open invitation to hijack the equipment.”
The company said it is working with its broadcast clients to resolve individual cases.
One radio observer said that these cyberattacks shouldn’t necessarily be a surprise.
“My prediction of cyberattacks has come true, which is exactly why I’ve been suggesting broadcasters to not scrap their RF or leased line STLs,” said John Morehouse, president and general manager of Long Valley Communications, licensee of KPHT(LP) in Laytonsville, Calif., which was not one of the affected stations. One of the stations affected in this hacking case, Morehouse said, uses IP for its STL.
“I’ve said many times in the last few years that I think relying so much on the internet leaves broadcasters vulnerable to attack. And with so much traffic carried on the internet, the internet is a large target in the eyes of those with dark agendas,” he added.