Share this
Hacking the Radio, and Other Analogue Vulnerabilities
by Reflare Research Team on May 11, 2021 7:09:00 PM
If the signal from your favourite radio station isn’t streaming smoothly to your dial, it may be malicious interference from someone who doesn’t appreciate the program you’re trying to listen to. That’s exactly what happened recently to a number of stations around the world where an individual or group was blocking the transmission of the radio signal to disrupt operations.
First Published 26th January 2017 | Latest Refresh 11th May 2021
Don't touch that dial.
4 min read | Reflare Research Team
Radio Heads
In this research brief, we will look at the recent hijacking of several radio stations to analyse how traditionally analogue technologies may be attacked by modern means.
Standard radio programming is transmitted using electromagnetic waves which modulate either the amplitude (AM) or frequency (FM) of the wave to encode analogue audio data. While the wave is electromagnetic, the underlying technology is comparable to that of a record player. The wave is broadcast in all directions and may be received and decoded by anyone in reach. There is no server, cache, data network, authentication or authorisation.
Therefore, there seems to be no practical method of hijacking a radio station short of broadcasting a different signal on the same frequency with a stronger antenna or taking over the radio station by physical force. Neither of these approaches fits the description of a “cyber attack”.
Nonetheless, radio stations are taken over by hackers virtually every year. How can this be?
To answer the question, we must look at how modern radio stations operate.
The Evolution of Analogue Broadcasting
Before the internet, audio signals to be broadcast were generated in close proximity to the broadcasting tower by either playing back physical media or recording from a microphone. The generated signals were then sent to the tower through a physical cable.
Modern radio studios however are often completely separate units from the physical broadcasting system. Radio programs, whether live or pre-recorded, are prepared in potentially several locations and then relayed in a digital format.
This has many advantages for the station operator. Without a need for physical proximity, studios can be established in convenient locations or split across several while making the finished programming available over the internet and one or several physical broadcasting towers at the same time. Popular radio stations may expand their coverage by acquiring the rights to a frequency in a new region and leasing capacity on a broadcasting tower nearby.
However, this approach also opens radio stations up to cyber-attacks.
While the analogue signal broadcast by the radio tower has no real attack surface, the digital streams of data sent to the towers and the digital equipment used to produce the program do.
The days of having to climb up a tower with a pair of wire strippers and a Discman to get your new single played on mainstream radio may be coming to an end.
In the specific case mentioned above, all affected stations appear to have been using Barix STL devices to relay the audio stream between different locations. If these devices are not properly configured, they allow anyone who knows their IP address to send data to them.
The attackers abused this misconfiguration to send their own programming to the receivers instead of the real programming. The fake programming was then amplified and broadcast by the radio towers.
Similarly, the computers used to make the programs and the network hardware used by studios also offer a number of attack surfaces. If they are taken over, the content of the program may be influenced by attackers in innumerable ways.
A Problem More Widespread Than Many Believe
Much of today’s technology which appears to be analogue is vulnerable in similar ways. Computers have become part of virtually every modern production and management chain and as digital components are introduced into classic enterprises, they are opened up to potential cyber-attacks.
We expect this trend of successful, yet unexpected attacks on targets traditionally considered immune to hacking to continue as more and more systems - from factories to radios to transportation – will continue. As computer technologies continue to integrate with existing broadcast systems, new security exploits will appear.
The responsibility of mitigating these vulnerabilities will ultimately fall back to the developers working within the broadcaster, and system integrators of disparate analogue and digital technologies. However, the accountability of ensuring that broadcasts are secure today and remain so into the future will fall in the lap of station senior management. The reputational damage of having a broadcast hijacked, irrespective of who is to blame, will be the senior management team to fix.
This is yet another example where having trained tech staff continuously thinking through the IT security of the station’s operations will go a long way towards reducing the risk, pain, and fallout of dealing with a hack.
However, this vulnerability is not the only exploit you should address when thinking through the risks associated with bridging your operations across the analogue-to-digital gap. You can save yourself a lot of pain by learning from the mistakes of others who have come before you. Discover how to identify and mitigate risks of numerous related hacking trends by checking out other related Reflare research reports.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)