Hackers hijack US radio stations, listeners subjected to "obscene" messages, fake alerts (VIDEO)
The FCC is warning US radio stations to secure their broadcasting equipment after a string of hacking incidents this week took over live airwaves in Virginia and Texas, subjecting listeners to profanity-laced audio and fake emergency alerts.
-
Unknown hackers commandeer US airwaves in Virginia and Texas, broadcasting obscene messages and fake emergency alerts to unsuspecting listeners.
-
Attackers reconfigured Barix network equipment to inject malicious audio, triggering legitimate EAS alert tones and causing widespread reactions among radio audiences.
-
Incident mirrors simultaneous CodeRED emergency alert platform breach, signaling vulnerable critical infrastructure that could escalate to widespread operational disruption, security experts say.
The US Federal Communications Commission (FCC) reports that unknown hackers reconfigured radio transmission equipment to inject their own audio, causing hijacked radio stations to broadcast fake emergency alert tones, obscene language, and other offensive content.
In the FCC’s public notice, the agency stated that the “string of cyber intrusions” had actually triggered the US Emergency Alert System (EAS) to issue what is known as an "Attention Signal."
The steady, high-pitched tone is broadcast across local TV and radio airwaves preceding an official alert, warning residents of an imminent threat or public safety emergency, including dangerous weather events, such as hurricanes, tornadoes, earthquakes, and flooding.
It's unclear if the Attention Signal and EAS alert tones played during the hack were actual or simulated, the FCC said.
Ross Filipek, CISO at Corsica Technologies, says the hijacking “marks the second cyber incident that national emergency systems have faced today, with hackers having stolen data from the OnSolve CodeRED platform,” also noting that these types of attacks “often serve as a stepping stone to exploiting broader network weaknesses.”
The Cybernews community is talking about this. Be a part of the conversation.
“While the immediate impact of the Barix equipment breach was ‘unauthorized and obscene audio broadcasting,’ if systems are not properly hardened and segmented, attackers could exploit the vulnerability and potentially breach deeper into the environment, he explains.
This can escalate to large-scale operational disruption or data theft, which can, in turn, lead to dangerous social engineering attacks, he says.
CodeRED is a third-party emergency notification system used by over 10,000 local communities and municipalities nationwide, whose “legacy alerting environment was targeted and damaged in a cyberattack earlier this week, impacting many public safety agencies.
Identifying the attackers as an “organized criminal group,” CodeRED says the threat has since been contained, and customers are being transitioned to a new system, Camden County officials in Georgia reported Tuesday.
"Explicit and highly offensive content"
The hackers apparently were able to compromise specific equipment made by the Swiss network-audio company Barix, reconfiguring it "to receive attacker-controlled audio in lieu of station programming," the FCC stated.
Impacted radio stations, such as HTX Media in Houston, only found out about the forced interruption after receiving several reports from local listeners, along with a recorded video of the “attacker-inserted audio.”
“We’ve received multiple reports that 97.5 FM (ESPN Houston) has been hijacked and is currently broadcasting explicit and highly offensive content,” HTX posted on Facebook during the November 23rd hack.
“The station appears to be looping a repeated audio stream that includes an Emergency Alert System (EAS) tone before playing an extremely vulgar track," the media company wrote, unaware that the airwaves had been breached.
The stream, which you can hear below (viewer discretion advised), includes bigoted language peppered with intermittent EAS signals, and the alleged hacker urging people to visit his YouTube channel.
“It was the flipping craziest thing!! They started by saying 982 dot 873 dot and some other stuff and then it started this on repeat,” one Facebook user commented.
”Pretty ballsy adding his handles in there. Guessing they want to be caught,” another user wrote.
Eventually, the station realizing it had been hijacked by cybercriminals, updated the post thanking listeners for reporting the incident.
“In the past hour, there was audio airing on 97.5 FM signal that didn't come from the radio station. Our signal had been hacked. We are actively trying to rectify the problem. We appreciate the many of you who posted to alert us of the issue,” it said.
The agency is now urging broadcasters to change default passwords, install the most recent software and equipment updates, and follow basic security practices.
Barix, which had experienced a similar incident in 2016, according to Reuters, has previously stated its devices are secure when properly configured.
Filipek says to “prevent threat actors from exploiting vulnerabilities like these, organizations must enforce strong network segmentation and regularly update and patch any flaws found in their defenses.”
Additionally, organizations should continuously monitor for any abnormal activity and conduct routine security audits to reduce the chance that attackers gain unauthorized access,” he says.
Unlock more exclusive Cybernews content on YouTube.
