After two recent cases of radio station audio hijackings in Texas and Virginia, Swiss-based manufacturer Barix said in a email to many of its customers that the message could not be clearer.
“If you are operating Barix devices with an accessible web-based interface directly on the internet without robust network security, itʼs time to reconsider,” the company said in an email distributed on Dec. 9.
Following the Federal Communications Commission’s notice on cybersecurity, which specifically cited the use Barix AoIP devices, the Swiss-based manufacturer crafted its own message addressed to AoIP users.
The email juxtaposes advancements in connectivity with operating in today’s high-risk environment.
“The world has changed — and so has the internet,” the email said.
While it’s not known exactly how many U.S. radio stations use Barix devices for delivering audio from their studio to transmitter sites over the internet, it’s probably somewhere in the thousands.
A round of audio incidents, featuring a song with racist, explicit lyrics and false EAS tones, were reported Labor Day. The stations that were victimized used Barix AoIP devices to deliver their audio.
Then, in the top 10 Nielsen market of Houston and on a Class B FM signal in Richmond, two stations suffered the hijacking of their audio within three days of each other in November. 97.5 KFNC(FM) and 89.7 WRIQ(FM) cited the use of backup equipment as a reason for each station’s vulnerability, and their backup setups also used Barix devices.
The FCC’s investigation of the latter two incidents, which led to its public notice, was triggered by the same root cause in each instance, Barix said.
“STL receiver devices were exposed on the public internet with weak or no password protection for their web interface,” the memo said.
The devices are lauded for their ease of setup and low cost, with many first-generation units often purchased for resale.
But they are very much vulnerable targets over the public internet, and the manufacturer said they have never been designed as secure, turnkey devices.
Barix pointed to a Radio World conversation with its chief technical officer, Johannes Rietschel, for guidance.
The company invited stations unsure about the security of their installation or needing guidance on how to properly secure their Barix devices to email their support address.
It also encouraged users to check out its Reflector service, a tunnel that the company offers in conjunction with hosting provider Streamguys.
[Do you receive the Radio World SmartBrief newsletter each weekday morning? We invite you to sign up here.]
