Last week [link] we
brought you the news that WCHQ, a LPFM station in Louisville, was suddenly
hacked and began airing an anti-trump song that contained profane lyrics. The
cause of the hack was unknown at first. It turns out the hacker(s) entered
WCHQ’s transmission chain via an Emergency Alert System (EAS) manufactured by
Barix, a company based in Switzerland [link].
It turns out that
WCHQ is not alone. According to the FCC and the Society of Broadcast Engineers
(SBE) they are one of more than a dozen similar hacking incidents at stations
using Barix STL devices. SBE issued this cautionary advisory on February 4th
at the urging of the FCC:
It has come to our attention
that unauthorized persons recently may have illegally gained access to certain
audio streaming devices used by broadcasters and may have transmitted
potentially offensive or indecent material to the public.
We believe that the reported
cases involved unauthorized access to equipment manufactured by Barix, which
some licensed broadcasters use for studio-to transmitter (STL), remote
broadcast (remote) and similar audio connections.
We understand that the
unauthorized access to the devices may be due, in part, to instances where the
licensee fails to set a password for devices with no default password, or to
re-set default passwords on the Barix device.
Stations that have
Barix devices are asked to take immediate action. Failure to do so leaves the
station vulnerable to a sudden appearance of rappers YG
& Nipsey Hussle
singing “FDT – F*** Donald Trump” on
a continuous loop. Here is their sort of catchy tune:
On Monday 2/6,
another Barix Box was hacked at WFBS-LP in Salem, SC. A week earlier KQES-LP in
Bellevue, WA, was hacked and aired YG & Nipsey Hussle for six days. It also happened at KCGF-LP in San Angelo, TX and the folks at
the station could not figure out how to turn YG & Nipsey off. Reports of similar attacks have
increased dramatically since Trump’s inauguration.
LPFM stations seem
to be the choice for hackers, perhaps because most LPFM stations apparently
don’t have the resources to secure their audio and transmission equipment.
Stations are responsible for the programming they air.
Authorities do not
know the source of the hacks but the attacks appear to be coming from an
international location.
IS BARIX MAKING IT EASY FOR THE HIJACKERS?
Another reason the
hackers are targeting Barix Exstreamer devices may be because of the ample
information the company makes available.
I went to the Barix site [link] and
had no problem accessing schematics, protocols and password entry. (An example is on the right.)
While this
information is helpful for Barix clients, it is available to anyone.
Perhaps Barix should require passwords to gain access to its
devices.
.
Many of the "hacked" stations we password protected. They just used either a weak password or it was brute force defeated.
ReplyDeleteBarix has been vulnerable to these attacks because it can be programmed to play just about any media file and any web stream in existence. This is different than other vendors like Tieline and Comrex who don't allow that to happen.
The big reason they are the top choice for LPFM stations is they are cheaper than other vendors as well. And yes, they probably were setup with someone with some technical knowledge but not a lot. Stations need to prevent the Barix box admin ports from being visible to the outside world to prevent this in the future.