
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
Unauthorized Use of Emergency Alert Tones Traced to Hijacked U.S. Radio Equipment

Cybersecurity researchers and the U.S. Federal Communications Commission (FCC) have identified a wave of intrusions targeting U.S. radio broadcast systems. Attackers exploited unsecured remote-access equipment—specifically Barix network audio devices—to broadcast fake Emergency Alert System (EAS) tones and offensive content. The incidents reveal ongoing weaknesses in broadcast infrastructure security and highlight the importance of basic configuration, password hygiene, and network segmentation.
Context
The Emergency Alert System is a cornerstone of public safety communications in the United States. Its distinctive Attention Signal is reserved for severe emergencies such as tornadoes, hurricanes, and major natural disasters.
Because EAS infrastructure often relies on remote-access hardware to connect studios and transmission towers, improperly secured devices can expose critical broadcast paths to unauthorized control.
The FCC issued a formal advisory (DA 25-996) after radio stations in Texas and Virginia reported disruptions triggered by fake emergency tones and inappropriate audio content.
What Happened
Unknown threat actors:
Targeted Barix network audio hardware used to route live radio transmission feeds
Accessed devices left unsecured or protected by default credentials
Reconfigured endpoints to receive attacker-controlled audio streams
Inserted simulated EAS tones, the official Attention Signal, and obscene language into live broadcasts
Several stations only became aware of the compromise after receiving listener complaints.
The incidents did not impact the National EAS, but they did demonstrate that localized broadcast infrastructure remains vulnerable to unauthorized control.
Technical Breakdown
The intrusions relied on:
Unsecured Barix units accessible over the public internet
Default or weak passwords allowing direct device reconfiguration
Unprotected STL (studio-to-transmitter link) paths, enabling attackers to inject audio
Remote stream substitution, replacing live programming with malicious content
The FCC emphasized that the issue was not a software flaw in Barix devices, but a result of improper configuration and lack of basic security controls.
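The conditions listed above can be checked against a station's own equipment inventory. The following Python audit is an added example, not code from the FCC advisory or from Barix; the management subnet, approved source host, inventory records and field names are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed site policy (constructed values): devices are managed only from the
# VPN subnet, and decoders may pull audio only from the studio encoder.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
APPROVED_SOURCES = {"10.20.0.5"}

# Constructed inventory of a station's own STL endpoints; the field names are
# hypothetical, not a vendor export format.
INVENTORY = [
    {"name": "studio-encoder", "mgmt_ip": "10.20.0.5",
     "default_password": False, "stream_url": None},
    {"name": "tower-decoder-a", "mgmt_ip": "10.20.0.9",
     "default_password": False, "stream_url": "http://198.51.100.7:8000/x"},
    {"name": "tower-decoder-b", "mgmt_ip": "203.0.113.40",
     "default_password": True, "stream_url": "http://10.20.0.5:8000/live"},
]

def audit_device(dev):
    """Return the list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(dev["mgmt_ip"])
    if not any(addr in net for net in MGMT_NETS):
        findings.append("management interface outside VPN/management subnet")
    if dev["default_password"]:
        findings.append("default or unchanged password")
    url = dev.get("stream_url")
    if url:
        host = urlsplit(url).hostname
        if host not in APPROVED_SOURCES:
            findings.append(f"stream source {host} not on approved list")
    return findings

def audit(inventory):
    """Map device name -> findings, omitting devices with no findings."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev)
        if findings:
            report[dev["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

The stream-source check flags tower-decoder-a even though its address and password are in order, which is the state a device is left in after a stream substitution.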
Impact Analysis
The consequences of these intrusions include:
Erosion of public trust in emergency systems
Risk of desensitizing audiences to genuine alerts
Regulatory exposure for broadcasters who fail to secure EAS infrastructure
Operational disruptions during live programming
Opportunity for further exploitation if attackers escalate from pranks to coordinated misinformation campaigns
While the incidents appear isolated, they highlight a systemic weakness in small and mid-sized broadcast operations.
Why It Matters
Emergency alert systems must maintain absolute integrity. Even minor misuse can undermine confidence in public safety channels.
The attacks underscore:
How easily broadcast equipment can be misused without proper access controls
That legacy systems often lack security-by-design features
The continued importance of basic cybersecurity hygiene
The growing trend of attackers targeting overlooked infrastructure sectors
Expert Commentary
Security analysts note that broadcast systems, much like industrial control systems, often prioritize uptime and operational convenience over secure configuration.
Barix previously stated that its devices are secure “when set up correctly and protected with a strong password”—a reminder that misconfiguration, not vendor flaws, is driving these incidents.
The FCC advises treating all broadcast hardware as critical infrastructure requiring explicit access controls and continuous monitoring.
Key Takeaways
Attackers hijacked U.S. radio equipment to broadcast fake emergency tones and offensive material.
Barix network audio devices were a primary target due to weak or default configurations.
The FCC issued advisory DA 25-996 urging immediate security hardening.
No nationwide EAS systems were affected.
Vulnerabilities stem from misconfiguration, not product flaws.
Broadcasters must update firmware, rotate passwords, enforce VPN access, and monitor logs.

