[EAS] Cybersecurity for broadcast stations
Sean Donelan
sean at donelan.com
Thu Apr 7 14:56:23 CDT 2016

And this is the reason FCC focusing its cybersecurity certification
effort in the recent NPRM only on EAS doesn't fix the problem(s).

Broadcast (and cable) need to address information security throughout
their operations, not only for EAS. If the FCC is going to require
management certify their operations, the media bureau should require
security for all operational systems.

Otherwise, there will be ongoing stories about vendor XYZ's box ABC with
default passwords, open internet access, and unpatched firmware. Just
because you don't look for problems, doesn't mean you don't have
vulnerabilities.

http://arstechnica.com/security/2016/04/nation-wide-radio-station-hack-airs-hours-of-vulgar-furry-sex-ramblings/

Some Tuesday morning listeners of KIFT, a Top 40 radio station located in
Breckenridge, Colorado, were treated to a radically different programming
menu than they were used to. Instead of the normal fare from Taylor Swift,
The Chainsmokers, or other pop stars, a hack by an unknown party caused
one of the station's signals to broadcast a sexually explicit podcast
related to the erotic attraction to furry characters. The unauthorized
broadcast lasted for about 90 minutes.

[...]

The Barix equipment that appears to have been targeted is susceptible to
hacks when running factory default settings. The Michigan Association of
Broadcasters' advisory suggests that users should change passwords to the
Web interface and hide the devices behind firewalls that expose only the
ports needed to receive the stream. The boxes are also an easy target when
connected to a static IP address and no changes are made.