Wednesday, February 8, 2017

HAS YOUR STATION BEEN HIJACKED BY “YG & Nipsey?” THEY PROBABLY GOT IN VIA A “BARIX BOX”


Last week [link] we brought you the news that WCHQ, a LPFM station in Louisville, was suddenly hacked and began airing an anti-trump song that contained profane lyrics. The cause of the hack was unknown at first. It turns out the hacker(s) entered WCHQ’s transmission chain via an Emergency Alert System (EAS) manufactured by Barix, a company based in Switzerland [link].

It turns out that WCHQ is not alone. According to the FCC and the Society of Broadcast Engineers (SBE) they are one of more than a dozen similar hacking incidents at stations using Barix STL devices. SBE issued this cautionary advisory on February 4th at the urging of the FCC:

It has come to our attention that unauthorized persons recently may have illegally gained access to certain audio streaming devices used by broadcasters and may have transmitted potentially offensive or indecent material to the public.

We believe that the reported cases involved unauthorized access to equipment manufactured by Barix, which some licensed broadcasters use for studio-to transmitter (STL), remote broadcast (remote) and similar audio connections.

We understand that the unauthorized access to the devices may be due, in part, to instances where the licensee fails to set a password for devices with no default password, or to re-set default passwords on the Barix device.

Stations that have Barix devices are asked to take immediate action. Failure to do so leaves the station vulnerable to a sudden appearance of rappers YG & Nipsey Hussle singing “FDT – F*** Donald Trump” on a continuous loop. Here is their sort of catchy tune:  



On Monday 2/6, another Barix Box was hacked at WFBS-LP in Salem, SC. A week earlier KQES-LP in Bellevue, WA, was hacked and aired YG & Nipsey Hussle for six days. It also happened at KCGF-LP in San Angelo, TX and the folks at the station could not figure out how to turn YG & Nipsey off. Reports of similar attacks have increased dramatically since Trump’s inauguration.

LPFM stations seem to be the choice for hackers, perhaps because most LPFM stations apparently don’t have the resources to secure their audio and transmission equipment. Stations are responsible for the programming they air.

Authorities do not know the source of the hacks but the attacks appear to be coming from an international location.

IS BARIX MAKING IT EASY FOR THE HIJACKERS?

Another reason the hackers are targeting Barix Exstreamer devices may be because of the ample information the company makes available. 

I went to the Barix site [link] and had no problem accessing schematics, protocols and password entry. (An example is on the right.)

While this information is helpful for Barix clients, it is available  to anyone.  Perhaps Barix should require passwords to gain access to its devices.  
.


1 comment:

  1. Many of the "hacked" stations we password protected. They just used either a weak password or it was brute force defeated.

    Barix has been vulnerable to these attacks because it can be programmed to play just about any media file and any web stream in existence. This is different than other vendors like Tieline and Comrex who don't allow that to happen.

    The big reason they are the top choice for LPFM stations is they are cheaper than other vendors as well. And yes, they probably were setup with someone with some technical knowledge but not a lot. Stations need to prevent the Barix box admin ports from being visible to the outside world to prevent this in the future.

    ReplyDelete