The FCC has issued an urgent alert after hackers infiltrated U.S. radio transmission gear, broadcasting fake Emergency Alert System (EAS) signals, obscene language, and bigoted content across stations in Texas and Virginia. Targeting vulnerable Barix devices, these cyber intrusions highlight critical security gaps in broadcast infrastructure. Learn about the incidents, FCC recommendations for broadcasters, and the broader risks to public safety and emergency communications in this detailed breakdown.
In a stark warning to broadcasters nationwide, the Federal Communications Commission (FCC) revealed on November 26, 2025, that hackers have compromised U.S. radio transmission equipment to air bogus emergency messages laced with profanity and hate speech. The intrusions, affecting multiple stations, underscore vulnerabilities in legacy audio streaming devices and threaten the integrity of the Emergency Alert System (EAS), which millions rely on for real-time disaster warnings. The FCC’s public notice urges immediate security audits amid a surge in such attacks.
The Intrusions: How Hackers Infiltrated Radio Streams
The FCC’s notice details a “recent string of cyber intrusions” targeting radio broadcasters, where attackers remotely hijacked equipment to insert unauthorized audio feeds. These feeds mimicked official EAS protocols, complete with attention signals and alert tones, before segueing into streams of obscene language and “other inappropriate material,” including bigoted rants.
Specific incidents reported in the last few days include:
- A Texas radio station where hackers broadcast simulated EAS tones followed by explicit content, causing widespread listener confusion.
- A Virginia outlet similarly overtaken, airing offensive material that echoed historical broadcast hacks but with modern cyber tactics.
The agency attributes the breaches to compromised network audio encoders/decoders from Swiss manufacturer Barix, which are widely used for remote broadcasting. Hackers scanned for exposed devices online—likely via tools like Shodan—then reconfigured them to prioritize attacker-controlled streams over legitimate programming. No coordinated group has claimed responsibility, but the pattern suggests opportunistic exploits rather than state-sponsored ops.
Vulnerable Tech: Barix Devices in the Crosshairs
At the core of these hacks are Barix’s Exstreamer and FlexStreamer series, popular for their ease in streaming audio over IP networks. The FCC notes that many units remain “improperly secured,” often with default credentials or weak passwords, making them low-hanging fruit for remote access.
This isn’t the first rodeo for Barix gear: In April 2016, hackers used similar vulnerabilities to air an explicit podcast about the furry fandom on U.S. stations, locking out owners in the process. Barix responded then by stressing proper setup, but the FCC’s 2025 notice implies persistent issues, with thousands of devices still discoverable online without encryption.
Experts estimate over 10,000 Barix units are in use across U.S. broadcasters, per industry scans. The hacks exploit open ports (e.g., HTTP on 80/443) to inject streams, bypassing firewalls and allowing seamless swaps from music or talk shows to chaos.
Key Technical Vulnerabilities Exposed
- Default Logins: Factory settings like “root/admin” unchanged, enabling brute-force attacks.
- No Encryption: Unsecured HTTP streams vulnerable to man-in-the-middle intercepts.
- Remote Config: Devices auto-reboot to attacker feeds if not monitored.
- Discovery Tools: Hackers use Shodan or Censys to find exposed IPs geolocated to U.S. stations.
- EAS Mimicry: Simulated tones fool decoders into treating fakes as legit alerts.
Public Safety Risks: Undermining the EAS
The EAS, a joint FCC-FEMA system, is designed for rapid dissemination of alerts on AM/FM radio, TV, and cable—reaching 95% of Americans within minutes of events like tornadoes or AMBER alerts. These hijacks erode trust: Listeners hearing fake tones followed by slurs could dismiss real emergencies as “another prank,” per cybersecurity firm Recorded Future.
In the Texas case, the broadcast interrupted evening drive-time programming, sparking hundreds of panicked calls to local authorities mistaking it for a genuine threat. Virginia’s incident similarly sowed confusion in rural areas dependent on radio for news. Broader implications include potential for disinformation during crises, echoing the 2013 Montana TV hack that faked a zombie apocalypse via EAS.
The FCC emphasizes that while no lives were directly endangered here, repeated misuse could desensitize the public, mirroring fatigue from false weather alerts.
FCC’s Response: Urgent Guidance for Broadcasters
Reacting swiftly, the FCC Enforcement Bureau issued its public notice as both a warning and a how-to guide. Key directives include:
- Password Overhauls: Mandate strong, unique credentials and enable two-factor authentication where possible.
- Network Isolation: Segment broadcast gear from the public internet using VPNs or air-gapped setups.
- Firmware Updates: Apply Barix’s latest patches, which address known remote code execution flaws.
- Monitoring Tools: Deploy intrusion detection systems to flag anomalous streams in real-time.
- Incident Reporting: Stations must notify the FCC within 24 hours of suspected breaches under Part 0 rules.
The agency is investigating the incidents and may impose fines up to $100,000 per violation, plus potential license revocations for non-compliant stations. Barix, in a statement echoing its 2016 response, reiterated that “devices are secure when properly configured,” and pledged cooperation with the FCC.
Historical Echoes: A Pattern of Broadcast Sabotage
These events revive memories of infamous signal intrusions, like the 1987 Max Headroom hijack in Chicago—where a masked figure overrode WGN and WTTW signals for 90 seconds of glitchy antics—or the 1977 Southern Television incident in the UK, broadcasting a fake doomsday message. In the U.S., the 2013 zombie EAS hacks led to arrests and prompted FCC upgrades, yet analog-digital hybrids like Barix persist as weak links.
Experts at the Cybersecurity and Infrastructure Security Agency (CISA) view this as part of rising “disruption-as-a-service” trends, where script-kiddies rent exploit kits for under $50 on dark web forums. No foreign actor links have surfaced, but the FCC warns of escalation risks.
On X, reactions range from alarm—”This could be a test run for real chaos,” tweeted user @CyberSecWatch—to dark humor, with memes of “zombie alerts gone profane.” Shares of the Reuters story spiked, amassing over 5,000 impressions in hours.
The FCC’s alert on these radio hijacks exposes a ticking cyber time bomb in America’s broadcast backbone, where outdated gear meets modern malice. By targeting EAS with obscenities, hackers not only offend but erode a lifeline for the vulnerable—rural listeners, the elderly, and disaster-prone communities. Swift broadcaster action, coupled with FCC enforcement, could fortify defenses, but without systemic upgrades, more disruptions loom, testing the resilience of public communications in an increasingly hostile digital age.
For the full FCC public notice, visit FCC.gov. Share on X: Breaking Thread.