Tech managers are scrambling to determine how audio streams of radio stations in several states were hacked this past week. Meanwhile Barix, which makes products apparently attacked in the incidents, is offering guidance for its clients.
Early investigations indicate that a specific model of IP router at the stations — a Barix Streaming Client that can be used to distribute audio via IP — was accessed improperly and used to broadcast a sexually explicit podcast at several stations, several media outlets and at least one broadcast association reported.
To prevent such incidents, broadcasters should take several steps, Barix said, including setting a new 24-character new password, and ensuring that all devices are secured behind firewalls and not openly connected to the Internet. Barix customers can call 866-815-0866 for technical support.
The hacks occurred at KIFT(FM) in Breckenridge, Colo., and at low-power country radio station KXAX(LP) in Livingston, Texas. There have also been reports of an alleged hack at an AM CBS affiliate in Denver and at anational syndicator, which Radio World is attempting to confirm at this time.
Audio was hacked through the Barix Streaming Client; instead of music, an explicit podcast called FurCast was broadcast for several hours on the stations. The incident began around 6 a.m. Eastern time on Tuesday, April 5, and continued for several hours until the streams were shut down.
In the KIFT case, the hack was on a station booster site; as a result, normal programming content continued to be broadcast over the main transmitter. The reported hack did not impact the online streaming broadcast, according to a report by CBS4 in Denver.
The stations effected apologized for the airing of the content.
The producers of the content, FurCast, said they had nothing to do with the attack, and said that they are working with law enforcement to investigate the incident.
“We have been made aware of a reported incident where FurCast and XBN content was syndicated without our knowledge on a terrestrial FCC-licensed FM radio station,” it said in a statement. The group said large numbers of IP addresses had attempted to connect to the company’s archive stream during the reported time period with the name “Barix” as the user agent. FurCast responded by blocking those IP addresses from its server. All the IP addresses were listed on the website Shodan, a web-based search engine that searches the internet for devices instead of websites, the group said.
“So far we have had no new connections on the renamed stream, although we are finding what appear to be new IP addresses attempting to connect to the old stream,” it stated on its website.
The Federal Communications Commission is investigating the incident.
Barix said in a statement that its devices “are secure for broadcast use when set up correctly and protected with a strong password. These unfortunate security breaches are an extreme rarity.”
Such incidents can be made easier if a device’s password is not changed regularly, Barix said in a statement. The company said it is working with its broadcast clients to resolve individual cases.
One radio insider said that these cyber attacks shouldn’t necessarily be a surprise.
The bottom line: Change passwords often, and use unique numbers and characters.
“[The] best advice is to change your password to the web interface, and hide it behind a firewall that only exposes the ports needed to receive the stream, aka port forwarding,” wrote Jason Walther, chief engineer with Townsquare Media in a post to the Michigan Association of Broadcasters.