FCC Warns of Cybersecurity Risks After Texas, Virginia Breaches

The FCC issued an urgent warning to U.S. broadcasters after hackers hijacked radio stations in Texas and Virginia, using insecure networked audio gear to inject fake emergency tones and racist, obscene content into live broadcasts. The agency is telling stations to tighten cybersecurity on their studio-to-transmitter links and Emergency Alert System (EAS) equipment to prevent similar breaches.​

What happened in Texas and Virginia

Two recent incidents involved radio stations in Texas (KFNC 97.5 near Houston) and Virginia (WRIQ/Radio IQ near Richmond), where attackers took over the audio chain and replaced normal programming with a loop that included real or simulated EAS tones and a song with explicit, racist lyrics. The FCC said the affected stations ended up broadcasting an attacker-controlled audio stream containing emergency attention signals along with obscene and bigoted material.​

The compromises exploited weak points in backup transmission setups: one station was operating from a backup transmitter after a power outage, while another had a backup audio source that automatically triggered when silence was detected, giving attackers a path in through exposed equipment.​

FCC’s cybersecurity warning

In a public notice, the FCC’s Public Safety and Homeland Security Bureau described a “series of cyber breaches” in which hackers seized control of radio transmission gear to send bogus alerts and profane language. The notice specifically pointed to inadequately secured Barix network audio devices—commonly used to send audio from studios to transmitters—as a key vulnerability that allowed attackers to redirect the audio feed.​

The FCC warned that such hijacks can erode public trust in genuine emergency alerts and potentially cause confusion or panic if listeners mistake fake tones or messages for real warnings about storms, disasters, or other crises.​

Key technical risks

The incidents highlight several cybersecurity weaknesses in broadcast infrastructure:​

• Exposed audio-over-IP devices (such as Barix units) reachable over the open internet without proper network protection.

• Default or weak passwords and outdated firmware on networked audio and EAS-related equipment.

• Poorly secured backup paths and “silence-sensing” failover systems that can be manipulated to play attacker-supplied content.

• Limited monitoring of EAS and transmission logs, which can delay detection of unauthorized access.

These weaknesses are especially concerning because the same paths used to distribute routine audio can also carry emergency tones that the public associates with official alerts.​

FCC recommendations to broadcasters

The FCC urged broadcasters—particularly those using Barix and similar networked audio devices—to immediately strengthen their defenses. Recommended steps include:​

• Update all firmware and software on Barix and other audio-over-IP devices and apply vendor security patches promptly.​

• Change all default passwords and enforce strong, unique credentials for EAS equipment, networked audio devices, and related systems.​

• Place EAS and audio transport gear behind firewalls and use VPNs for remote links instead of exposing configuration interfaces directly to the internet.​

• Continuously monitor logs for EAS and transmission systems to spot suspicious access or configuration changes.​

Industry experts quoted in coverage emphasized that as technical staff and budgets shrink, stations must still treat these devices as critical network assets, not simple “black boxes,” and ensure they are securely integrated into the overall IT environment.​

If you’d like, guidance can be tailored into a short checklist for a specific type of station or network setup.