Hacking the Radio (and other Analog Technology)
In this week’s briefing, we will look at a recent hijacking of several radio stations to analyze how traditionally analog technology may be attacked by modern means.
Standard radio programming is transmitted using electromagnetic waves which modulate either the amplitude (AM) or frequency (FM) of the wave to encode analog audio data. While the wave is electromagnetic, the underlying technology is comparable to that of a record-player. The wave is broadcast in all directions and may be received and decoded by anyone in reach. There is no server, cache, data network, authentication or authorization.
There thus seems to be no practical method of hijacking a radio station short of broadcasting a different signal on the same frequency with a stronger antenna or taking over the radio station by physical force. Neither of these approaches fits the description of a “cyber attack”.
Non the less, radio stations are taken over by hackers virtually every year. How can this be?
To answer the question, we must look at how modern radio stations operate.
Before the internet, audio signals to be broadcast were generated in close proximity to the broadcasting tower by either playing back physical media or recording from a microphone. The generated signals were then sent to the tower through a physical cable.
Modern radio studios however are often completely separate units from the physical broadcasting system. Radio programs, wether live or pre-recorded, are prepared in potentially several locations and then relayed in a digital format.
This has many advantages to the station operator. Without a need for physical proximity, studios can be established in convenient locations or split across several while making the finished programming available over the internet and one or several physical broadcasting towers at the same time. Popular radio stations may expand their coverage by acquiring the rights to a frequency in a new region and leasing capacity on a broadcasting tower nearby.
However, this approach also opens radio stations up to cyber attacks.
While the analog signal broadcast by the radio tower has no real attack surface, the digital stream of data sent to the towers and the digital equipment used to produce the program do.
In the specific case mentioned above, all affected station appear to have been using Barix STL devices to relay the audio stream between different locations. If these devices are not properly configured, they allow anyone who knows their IP address to send data to them.
The attackers abused this misconfiguration to send their own programming to the receivers instead of the real programming. The fake programming was then amplified and broadcast by the radio towers.
Similarly, the computers used to make the program or the network hardware used my studios offer attack surface. If they are taken over, the content of the program may be influenced by attackers in innumerable ways.
Much of today’s technology which appears to be analog is vulnerable in similar ways. Computers have become part of virtually every modern production and management chain and as digital components are introduced into classic enterprises they are opened up to potential cyber attacks.
We expect this trend of successful yet unexpected attacks on targets traditionally considered immune to hacking to continue as more and more systems - from factories, to radios to transportation - are integrated with computer technology.