A String of Radio Hijacks Exposes a Deeper Broadcast Weakness

The recent hijack of 107.7 The Bay in Michigan is the latest flashpoint in a string of broadcast intrusions that have been quietly accumulating across the United States. Listeners reported sped‑up Disney music, fabricated alert tones, and abrupt silence, echoing earlier incidents at unrelated stations. Although each event seemed isolated, the Federal Communications Commission’s November public notice linked them through a common attack vector: compromised studio‑to‑transmitter links. This emerging trend signals that the broadcast chain, once considered a low‑risk target, is now a viable foothold for cyber actors seeking high‑visibility disruption.

At the technical core of these breaches lies Barix equipment, a popular line of IP audio codecs used to transport program audio from studios to transmitters. Many stations have left these devices exposed to the internet with default credentials or outdated firmware, allowing attackers to reconfigure the stream and inject malicious audio. Once in control, perpetrators can broadcast obscene material, political propaganda, or simulated Emergency Alert System (EAS) tones that mimic official warnings. The misuse of EAS tones is especially concerning because it can desensitize audiences to genuine alerts, undermining the system’s credibility during real emergencies.

For broadcasters, the stakes are clear: a compromised signal jeopardizes brand reputation, regulatory compliance, and, most critically, public safety. The FCC’s warning urges stations to audit network configurations, enforce strong authentication, and apply timely firmware updates. Industry groups are also calling for standardized security baselines for broadcast equipment. As the media landscape becomes increasingly digitized, safeguarding the transmission path is essential not only to protect content but also to preserve the trust that underpins the nation’s emergency communication infrastructure.