Fun fact: it's illegal in the US to simply use the tone (853, 960Hz overlaid) in a non-emergency broadcast.
FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover
Malicious intruders have hijacked US radio gear to turn emergency broadcast tones into a profanity-laced alarm system. That's according to the latest warning issued by the Federal Communications Commission (FCC), which has flagged a "recent string of cyber intrusions" that diverted studio-to-transmitter links (STLs) so …
-
-
-
-
Thursday 27th November 2025 19:24 GMT DS999
Its like a song with sirens
If you hear that in your car and you aren't familiar with the song you will check your mirrors to see if there's an ambulance behind you. Or back in the day when Nokia phones and that specific ring were ubiquitous, if that was on a TV show you might reach for your phone.
They want that type of reaction to only happen when there's an emergency broadcast, and not allow people to become desensitized to it.
-
Thursday 27th November 2025 21:44 GMT Anonymous Coward
Yeah, it is.
It is indeed in-band signaling, which originated in the old EBS (Emergency Broadcast System) from the 1960s. The intent was to have primary EBS stations broadcast the specific tones -- which were chosen due to the unlikelihood of their occurring accidentally in typical broadcast material -- and receivers at downstream stations would trip automatically, alerting the staff to take predetermined actions. Worked quite well, too.
-
-
-
-
Thursday 27th November 2025 14:45 GMT KittenHuffer
"playing an extremely vulgar track"?
So something by The Macc Lads then?!?
-
-
Thursday 27th November 2025 16:47 GMT Anonymous Coward
Re: Yet...
WTF does the federal cybersecurity budget (which should be larger than it currently is) have to do with terrible, or terribly configured, Swiss-made commercial radio equipment? Nothing.
I'm not sure why they didn't go after a larger provider like iHeartMedia, Cumulus,or Townsquare Media.
-
-
Thursday 27th November 2025 16:14 GMT Mike 137
"best practices" ????
● promptly patching and updating firmware
● replacing default passwords with strong alternatives (and rotating them periodically)
● putting EAS and other critical audio gear behind firewalls or VPN-protected networks
● restricting remote management to authorized devices
● systematically auditing logs for suspicious access attempts
Assuredly, the assumption that these are "best practices" is a prime source of our abysmal level of cybersecurity. They're the absolute minimum basics.
-
Thursday 27th November 2025 21:35 GMT MachDiamond
Re: "best practices" ????
"● replacing default passwords with strong alternatives (and rotating them periodically)"
I've never seen the point of rotating passwords just because. That leads to people needing to write them down on sticky notes and affix them to their monitors so they don't forget what's current.
-
Thursday 27th November 2025 21:45 GMT david 12
Re: "best practices" ????
There are reasons for rotating passwords, that have to do with the source and nature of password leakage.
But I think that the main *value* of password rotation comes from situations where overall password handling is *very very bad*.
I recall one situation where all of the users had the same database login and password. When it was compromised, the first action was to change the password
This used to be very common: it is the original use case. And the original use case included password rotation" -- password of the day -- pass, friend.
-
-
Saturday 29th November 2025 06:35 GMT MachDiamond
Re: "best practices" ????
"Of course NIST changed their recommendation away from periodic rotation in, wait for it, 2017."
Hmm, the US Copyright office never heard about that. They require a new password every 90 days and I file around, wait for it, every 90 days for full protection. If I forget my password since it changes so often, it's dead easy to have it reset. Now where's that security again?
-
-
-
-
Thursday 27th November 2025 16:56 GMT dirigible
Fines?
So, will the responsible (in the sense that it’s their transmitter) radio stations be fined for sending the emergency tones and dirty words to the Æther?
After all, it’s not just the loss of a gazillion customer records, youngins will hear shit on the radiowaves! (The three amish children that still listen to radio.)
(see icon)
-
Thursday 27th November 2025 20:09 GMT IGotOut
It's lucky it was so benign...
If it's a potty mouth tirade, then most people would go WTF? Then move on.
If it had alarms going then a convincing voice had said "China has just launched several hundred missiles bound for the USA. They are due to arrive in the next 26 minutes. Please take shelter and await further instructions" I'd say all hell would have broken lose.
Biting the hand that feeds IT
