Several large media reported that hackers target vulnerable low power FM radio transmitters to play an Anti-Trump song titled “Fuck Donald Trump”.
Radio Transmitters Hacked To Play Anti-Trump Song
Security experts discovered that certain models of low power FM radio transmitters that are not patched with security updates have been hijacked by hackers to play an Anti-Trump song. The exploit was known since April 2016 and it allows criminals to take over terrestrial radio stations. The hackers used the occasion to play the infamous song by YG and Nipsey Hussle “Fuck Donald Trump”.
The hack was discovered as the song started playing on infected radios shortly after the presidential inauguration on January 20. Several dozen stations experienced the hack in the last few weeks across the country. It appears that the hackers targeted Barix Exstreamer products. They can decode many of the popular audio file formats and send them for transmission. They connect easily to the Internet and their exposed service is rated as vulnerable. The vendor recommends that administrators use 24-character passwords and instituting the servers behind firewalls. However the confirmed breaches suggest that most of the device owners have not taken this into account. This is rather dangerous as the infections have compromised even FCC-approved Low Power FM transmitters.
In April 2016 multiple stations were hacked in a similar manner via insecure Barix STL devices. The campaign was carried out via a botnet attack and upon infection they broadcaster a podcast episode that talks about furry sex. Allegedly the criminals used the Shodan IoT search engine to create a database of insecure radio stations. The security experts device owners to take these steps to secure their transmitters:
-
Web interface passwords should be changed.
-
All instances should be secured behind firewalls that only expose the ports needed to stream.
-
All devices should regularly be checked for vendor updates.