Engineering: Barix Box Advisory
On April 6, the Alabama Broadcasters Association shared this with us, from one of their members:
“Someone is attacking Barix Boxes. Within the past 24 hours, several radio stations and at least one radio network have been compromised. The Barix receiver is pointed to an obscene podcast and its password changed so it can only be reset manually. This appears to have been in the planning stages for some time by the person doing it – apparently they have been accumulating passwords for some time. MAKE SURE that your password is of sufficient strength! Barix Boxes will take up to 24 characters…. In at least two cases six-character passwords were cracked.”
Updated 9:16am on 4/7/16: Apparently the reported Colorado signal hack was related to this Barix story. Read about the KIFT signal hack here.
The stream programmer who had their explicit content aired on the Colorado radio station did their own investigation into the incident and provides some insight here.
Updated 2:10pm on 4/6/16: Jason Walther, CE of Townsquare Media (Lansing), adds: “Best advice is to change your password to the web interface, and hide it behind a firewall that only exposes the ports needed to receive the stream (aka: port forwarding).
When these boxes are connected to a plain static IP and no changes are made, they are an easy target.
Also, if you have a Comrex Access unit that sits open with “Accept Incoming Calls”, you will get hacked the same. It is easy to disable incoming SIP connections.”