The IBA has been asked by the FCC’s Enforcement Bureau to notify you of the following information relating to unauthorized persons illegally gaining access to certain audio streaming devices used by broadcasters. The notice below also contains recommended steps to prevent remote access from other than authorized devices.
IMPORTANT SECURITY-RELATED NOTICE FROM THE FIELD OFFICE OF FCC’S ENFORCEMENT BUREAU
It has come to our attention that unauthorized persons recently may have illegally gained access to certain audio streaming devices used by broadcasters, and may have transmitted potentially offensive or indecent material to the public. We believe that the reported cases involved unauthorized access to equipment manufactured by Barix, which some licensed broadcasters use for studio-to transmitter (STL), remote broadcast (Remote) and similar audio connections. We understand that the unauthorized access to the devices may be due, in part, to instances where the licensee fails to set a password for devices with no default password, or to re-set default passwords on the Barix device.
We urge licensees to take all available precautions to prevent future unauthorized transmissions. In many cases, there may be simple, practical solutions to prevent such situations from occurring. For example, we strongly encourage licensees that use Barix devices, as well as other transmitting equipment, to check and, if necessary, add a password, or re-set existing passwords with new, robust passwords. Similarly, if a broadcast station experiences turnover in staff who had access to passwords, we encourage licensees to re-set the password to ensure future security. We also recommend that broadcasters investigate whether additional data security measures, such as firewalls or VPNs configured to prevent remote management access from other than authorized devices, in some cases, could be implemented to preserve this potentially critical part of the broadcast transmission chain. If you suspect that broadcast equipment has been subject to attempts at unauthorized access, we also recommend that you contact the equipment manufacturer and/or a data security firm. We also suggest that you notify the FCC Operations Center, 202-418-1122, or FCCOPCenter@fcc.govof suspected unlawful access.
If you have any questions, please contact Lark Hadley, the Regional Director for the Enforcement Bureau’s Region Three via WR-Response@fcc.gov.