Two high-profile compromises in November of audio chains at radio stations in Texas and Virginia have resulted in the FCC underscoring the importance of network security.
Within a three-day span, 97.5 KFNC(FM), licensed to Mont Belvieu, Texas, and the ESPN Radio affiliate in the Houston market, and 89.7 WRIQ(FM), licensed to Charles City, Va., and the “Radio IQ” public radio affiliate in Richmond, had their audio chains compromised with a loop that included false Emergency Alert System tones and a song containing explicit, racist lyrics.
Both KFNC and WRIQ cited the use of backup equipment as a vulnerability: KFNC said it was operating on its backup transmitter site, and WRIQ said its backup audio source was triggered by silence, leading to the compromise.
In its statement, the commission’s Public Safety and Homeland Security Bureau specifically cited “improperly secured Barix equipment” and urged stations to safeguard their networks and upgrade firmware for their audio over IP devices for studio-to-transmitter links, if available.
(Read the Public Safety and Homeland Security Bureau’s public notice.)
If left unprotected on the internet, devices that deliver audio from a studio to a transmitter are at risk of being listed on a website like Shodan. It does not take a human to then gain access to a device listed on the website; automated bots can do so, particularly if passwords are left at their defaults.
When reached by Radio World, Barix CEO Johannes Rietschel concurred with the FCC’s statement. He reiterated what he shared in October with Radio World, urging stations to prioritize their cybersecurity. Around Labor Day Weekend, several small radio stations using Barix Instreamer and Exstreamer devices suffered similarly-reported audio chain breaches.
“If station operators don’t secure their network links with VPNs, or at least don’t expose the Barix configuration interface to the internet, such hacks will continue,” Rietschel told Radio World.
Stations cite backups
With plenty of Dallas Cowboys fans in southeast Texas, compromised audio on Houston’s 97.5 KFNC couldn’t have come at a more high-profile time: during the game broadcast of the Cowboys’ Nov. 21 home game versus the Philadelphia Eagles.
Reports on social media captured the station’s audio, which included fake EAS tones, a country song with racist lyrics and a promo with a synthesized voice promoting social media accounts. It was nearly identical to the reports we received of the Labor Day audio breaches.
RadioInsight first reported that KFNC was using Barix devices to deliver its audio over the internet from its studio to transmitter site.
The Houston Chronicle reported that KFNC was on its backup transmitter due to a power outage at its primary site. KFNC General Manager Todd Farquharson told the Chronicle the station discovered a bot was hacking the brand of backup equipment it was using.
“We’re disappointed to be victims of this attack and the offensive messaging it broadcast,” Farquharson told the Chronicle.
Richmond-to-Roanoke breach
Two days earlier on Nov. 19, 89.7 WRIQ(FM), the Richmond, Va.-based affiliate of the Radio IQ public radio network, incurred a compromised airchain.
The station’s programming originates from flagship 89.1 WVTF(FM) in Roanoke.
Reports from listeners in the Richmond area described similar content to what was heard in Houston — false EAS tones and a song with explicit, racist lyrics. WVTF’s audio was not affected.
According to Radio IQ’s own reporting, a period of silence triggered the station’s backup audio feed.
“We have a sensor that starts the back-up feed when it hears ‘dead-air’ or silence on the main audio feed,” Radio IQ said in its report on the incident. “Our engineers have to manually switch back to the main channel when it becomes available again.”
It was during the time that the station was on its backup audio source that an unauthorized entity took over WRIQ’s audio feed.
“Luckily, our main audio feed from studio to transmitter was not intercepted. Normally a listener would not have noticed, but, given the offensive material on the back-up audio stream it was immediately noticeable, and was quickly switched back by station engineering,” Radio IQ said.
Radio IQ told us that its Barix Exstreamer 100, which is used on its backup audio feed, was compromised.
Radio World has also reached out to Gow Media, KFNC’s owner, for further comment.
A matter of cybersecurity
In its statement, the FCC’s Public Safety and Homeland Security Bureau urged stations, especially those using Barix equipment, to promptly update all firmware and software and install security patches recommended by manufacturers.
Stations should immediately change default passwords to robust alternatives and use network security tools like firewalls and VPNs to protect EAS, Barix and other interconnected broadcast systems, the commission said. Logs for EAS equipment should also be continuously monitored for unauthorized access.
In our October conversation with Barix’s Rietschel, he said that a combination of factors (scant station technical staff, budget cuts and some high-profile previous incidents) is contributing to the recent breaches.
He urged stations to use a VPN for connections between Barix devices and also to consider Barix’s own Reflector service through StreamGuys.
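An added example, not from the article, the FCC notice or any vendor: one way to act on the advice to monitor logs and keep management access behind a VPN is to flag any login or configuration change whose source lies outside the station's management network. The log format, device names and the 10.8.0.0/24 range are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: management access arrives only via the station VPN (hypothetical range).
ALLOWED_NETS = [ipaddress.ip_network("10.8.0.0/24")]
FAIL_THRESHOLD = 3  # failed logins from one outside source before flagging

# Constructed log format (not the native format of any vendor's device).
LINE_RE = re.compile(r"^(\S+) device=(\S+) src=(\S+) event=(\S+)$")

SAMPLE_LOG = """\
2025-01-01T02:10:04Z device=stl-backup src=10.8.0.12 event=login_ok
2025-01-01T02:14:51Z device=stl-backup src=203.0.113.45 event=login_fail
2025-01-01T02:14:52Z device=stl-backup src=203.0.113.45 event=login_fail
2025-01-01T02:14:53Z device=stl-backup src=203.0.113.45 event=login_fail
2025-01-01T02:14:55Z device=stl-backup src=203.0.113.45 event=login_ok
2025-01-01T02:15:20Z device=stl-backup src=203.0.113.45 event=config_change
2025-01-01T03:00:00Z device=eas-encoder src=10.8.0.12 event=config_change
this line is malformed and is skipped
"""

def is_allowed(src):
    """True only if src parses as an IP inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_alerts(log_text):
    """Return (timestamp, device, source, reason) tuples for outside activity."""
    alerts, fails = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, device, src, event = m.groups()
        if is_allowed(src):
            continue
        if event == "login_fail":
            fails[(device, src)] += 1
            if fails[(device, src)] == FAIL_THRESHOLD:
                alerts.append((ts, device, src, "repeated_failed_logins"))
        elif event in ("login_ok", "config_change"):
            alerts.append((ts, device, src, "external_" + event))
    return alerts

if __name__ == "__main__":
    print(*find_alerts(SAMPLE_LOG), sep="\n")
```

Backup devices belong in the same watch list as the primary chain, since both stations reported that the compromise occurred while they were operating on backup equipment.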