FCC ENFORCEMENT ADVISORY: Barix Password Precautions

The FCC Enforcement Bureau has reached out to REC and other organizations to reach as many broadcasters as possible addressing the recent incidents of compromises of the Barix Extreamer equipment commonly used as a studio-to-transmitter link.  The Enforcement Bureau's statement follows:

It has come to our attention that unauthorized persons recently may have illegally gained access to certain audio streaming devices used by broadcasters, and may have transmitted potentially offensive or indecent material to the public.  We believe that the reported cases involved unauthorized access to equipment manufactured by Barix, which some licensed broadcasters use for studio-to transmitter (STL), remote broadcast (Remote) and similar audio connections. We understand that the unauthorized access to the devices may be due, in part, to instances where the licensee fails to set a password for devices with no default password, or to re-set default passwords on the Barix device.

We urge licensees to take all available precautions to prevent future unauthorized transmissions.  In many cases, there may be simple, practical solutions to prevent such situations from occurring.  For example, we strongly encourage licensees that use Barix devices, as well as other transmitting equipment, to check and, if necessary, add a password, or re-set existing passwords with new, robust passwords.  Similarly, if a broadcast station experiences turnover in staff who had access to passwords, we encourage licensees to re-set the password to ensure future security.  We also recommend that broadcasters investigate whether additional data security measures, such as firewalls or VPNs configured to prevent remote management access from other than authorized devices, in some cases, could be implemented to preserve this potentially critical part of the broadcast transmission chain.  If you suspect that broadcast equipment has been subject to attempts at unauthorized access, we also recommend that you contact the equipment manufacturer and/or a data security firm.  We also suggest that you notify the FCC Operations Center, 202-418-1122, or FCCOPCenter@fcc.gov of suspected unlawful access.

If you have any questions, please contact Lark Hadley, the Regional Director for the Enforcement Bureau’s Region Three via WR-Response@fcc.gov.