How Hackers Are Hijacking Public Radio Systems to Send Obscene Messages, Fake Alerts

Hackers in the US are breaking into poorly secured radio transmission gear and using it to push fake emergency alerts and obscene audio over the air, prompting a security warning from the Federal Communications Commission (FCC). The attacks have triggered the official “Attention Signal” of the US Emergency Alert System (EAS) on some stations, an alarm tone normally reserved for tornadoes, hurricanes, earthquakes, and other serious threats, before switching to bigoted or offensive content.​

What the FCC has warned about

In a public notice, the FCC said it has seen a “recent string of cyber intrusions against various radio broadcasters” that resulted in unauthorised use of the EAS Attention Signal and other alert tones. Hackers are not breaching the national EAS backbone itself, but are instead compromising equipment inside local stations and using that access to inject their own audio streams. In several recent cases in Texas and Virginia, hijacked streams were used to broadcast racist or obscene messages disguised as official emergency communications.​

How the hijack works

According to the FCC, the attackers are targeting network audio devices made by the Swiss company Barix, which are widely used by radio stations to route programming over IP networks. The agency says the hackers appear to have found Barix units that were “improperly secured” on the public internet, then reconfigured them “to receive attacker-controlled audio in place of station programming.” Once in, they can:

• Trigger or replay the EAS Attention Signal and alert tones.
• Replace the normal station feed with an attacker-controlled audio stream.
• Insert obscene language and other “inappropriate material” under the cover of what sounds like an official alert.​

In practice, this means listeners hear the same jarring EAS tones they associate with real emergencies, followed by fake or offensive messages that the station never approved. Because the tones and format resemble genuine alerts, the risk of confusion and panic is significant.

Why Barix devices are involved

Barix IP audio codecs and STL (studio–transmitter link) boxes are popular in broadcasting because they are cheap, flexible, and easy to deploy over standard networks. The issue, as the FCC notes, is not that the hardware is inherently broken, but that many stations have left devices exposed with default credentials or without proper network isolation. Barix itself said in a 2016 statement, after a similar wave of hijackings, that its devices “are secure for Broadcast use when set up correctly and protected with a strong password.”​

The new FCC warning echoes that message: the compromise path is typically:

• Devices reachable from the public internet.
• Default or weak passwords.
• Outdated firmware or missing security updates.
• Little or no firewalling or VPN protection between the wider internet and critical audio gear.​

Recent incidents in Texas and Virginia

The FCC’s notice references recent reports of radio streams in Texas and Virginia that were hijacked to air bigoted or offensive content. In those incidents, attackers appear to have taken control long enough to blast slurs and other obscenities under the guise of emergency messages, prompting complaints from listeners and investigations by station owners. These are not isolated pranks but part of a pattern of opportunistic scans and takeovers of exposed broadcast infrastructure.​

Why this matters for public safety

The EAS Attention Signal and alert tones are designed to cut through noise and grab immediate attention. Misusing them has several serious consequences:

• Erosion of trust: If audiences repeatedly hear fake or offensive “alerts,” they may be less likely to respond quickly to genuine tornado, hurricane, or evacuation warnings.
• Confusion and panic: In the moment, listeners may not be able to distinguish a hijacked alert from a real one, especially during severe weather or other tense situations.
• Legal and regulatory exposure: Broadcasters remain responsible for what goes on air; repeated incidents could lead to complaints, fines, or tighter regulatory scrutiny.

What the FCC is urging broadcasters to do

In its advisory, the FCC calls on stations to take basic but critical cybersecurity steps, including:​

• Change default passwords: Immediately replace factory credentials on Barix and other IP audio/EAS devices with strong, unique passwords.
• Remove direct internet exposure: Keep critical gear behind firewalls and accessible only via VPN or restricted management networks—not open ports on the public internet.
• Apply updates and patches: Regularly update firmware and software so known vulnerabilities are fixed.
• Audit device inventories: Identify all IP-connected codecs, STL units, and EAS gear; confirm each one is locked down.
• Limit user access: Use role-based accounts and disable unused logins to minimise the damage if credentials leak.

What Barix has said in the past

Barix has not commented publicly on this latest wave of hijackings, according to reports, but in a 2016 advisory after similar incidents, the company stressed that its devices can be used securely if configured properly and protected by strong passwords. It also provided guidance on firewall rules and network segmentation so that devices are not exposed directly to the wider internet. The current FCC notice aligns with that stance: the primary failure is operational security at stations, not a newly discovered zero-day bug.​

Takeaways beyond US radio

While this advisory is focused on US broadcasters and the EAS, the underlying lesson is broader: any critical infrastructure that uses internet-connected audio or control devices, whether in TV, cable headends, stadium PA systems, or emergency sirens, can be hijacked if left open with default credentials. The combination of:

• Searchable, exposed devices (via tools like Shodan),
• Weak passwords, and
• High-trust signals like sirens or alert tones
• creates a tempting target for trolls, activists, and potentially more serious actors.

Read more: Apple Challenges New Antitrust Penalty Law With A ₹3,39,218 Crore Fine Risk In Delhi High Court