FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

Steven

FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

Summary

The US Federal Communications Commission (FCC) has warned that attackers have been hijacking studio-to-transmitter links (STLs) to replace legitimate radio output with attacker-controlled audio. Intruders exploited unsecured broadcast equipment — notably devices from Swiss vendor Barix — to stream content that included the Emergency Alert System’s “Attention Signal” followed by obscene and offensive language.

Stations in Texas and Virginia reported incidents, including a live sports broadcast and a public radio affiliate’s backup stream. The FCC’s advisory outlines mitigation steps broadcasters should take, such as patching firmware, changing default passwords, isolating critical gear behind firewalls or VPNs, limiting remote management, auditing logs, and reporting incidents to the FCC and the FBI’s IC3.

The notice recalls earlier compromises of the Emergency Alert System (notably 2013 hoax alerts) and urges broadcasters to take simple, overdue security measures to prevent similar hijacks.

Key Points

  1. Attackers hijacked studio-to-transmitter links (STLs) to inject fake alerts and vulgar audio into live radio streams.
  2. Unsecured broadcasting devices, particularly Barix gear, were reconfigured to stream attacker-controlled audio.
  3. Incidents were reported in Texas and Virginia, hitting both commercial and public-affiliate streams.
  4. The hijacked audio often included a real or simulated EAS “Attention Signal” before obscene content.
  5. The FCC issued a checklist: update firmware, replace default passwords, use firewalls/VPNs, restrict remote access and audit logs.
  6. Broadcasters are advised to report suspected unauthorised access to the FCC and the FBI’s Internet Crime Complaint Center (IC3).
  7. The advisory echoes past EAS hijacks (e.g. 2013) and frames the problem as preventable with basic cyber-hygiene.

Context and Relevance

This incident highlights a persistent problem at the intersection of legacy broadcast infrastructure and poor device security. Studio-to-transmitter links are critical for delivering trusted emergency alerts; when attackers can mimic those alerts, public trust and safety are undermined. The event is part of a wider trend of threat actors exploiting unsecured IoT and industrial devices to disrupt services and spread disinformation.

For broadcasters, regulators and security teams, the story underlines that modest investments in patching, access controls and network segmentation can significantly reduce risk. For listeners and public-safety officials, it demonstrates how malicious actors can weaponise the recognisable cues of emergency systems to amplify impact.

Why should I read this?

Because it’s both dumb and dangerous — hackers are using cheap, unsecured broadcast kit to hijack radio stations and pretend to issue emergency alerts, then play filthy audio. If you run or rely on broadcast systems (or care about emergency messaging), read this so you know the quick wins: patch, ditch default passwords, lock down remote access and tell the authorities if you see weird alerts. Saved you a panicked search later.

Source

Source: https://go.theregister.com/2025/11/27/fcc_radio_hijack/