FCC Hackers Broadcast Fake Emergency Alerts Across US Radio Networks
Hackers have infiltrated US radio broadcast equipment, transmitting fake emergency alerts and obscene messages on frequencies used for weather warnings and Amber Alerts. The Federal Communications Commission reports at least 12 incidents since November 20, affecting stations in California, Texas, and Florida, where unauthorized voices issued fabricated tornado warnings and profane rants. These breaches exploit vulnerabilities in legacy analog systems, disrupting public safety communications for up to 30 minutes per event.
The FCC’s Enforcement Bureau traced the attacks to a coordinated group using spoofed credentials to access remote control interfaces on over 200 FM and AM transmitters nationwide. Attackers broadcast audio clips mimicking official tones, including a false evacuation order in Los Angeles that prompted 150 false 911 calls. The intrusions bypassed basic authentication, relying on default passwords unchanged since the 1990s on equipment from manufacturers like Harris and Broadcast Electronics.
Affected stations include iHeartMedia’s cluster in San Diego, where a hacker aired a 15-minute loop of explicit content, forcing manual overrides and temporary blackouts. In Houston, a fake chemical spill alert interrupted NOAA weather feeds, confusing listeners during rush hour. The FCC estimates 5 million potential exposures across urban markets, with no evidence of physical harm but heightened public distrust in alert systems.
Security experts attribute the hacks to nation-state actors testing infrastructure weaknesses, similar to 2023 disruptions in European broadcasters. The attackers used VPNs routed through Eastern European servers, deploying malware that records and replays legitimate signals with alterations. Recovery involved firmware updates and air-gapped backups, costing stations an average of $45,000 per incident in downtime and remediation.
The FCC has issued emergency directives mandating two-factor authentication and annual penetration testing for all licensed broadcasters by March 2026. Partnerships with CISA and the FBI are accelerating threat intelligence sharing, including a new dashboard for real-time anomaly detection. Broadcasters must report breaches within one hour, up from 24 hours, to enable faster federal response.
This wave coincides with rising geopolitical tensions, where radio remains a critical vector for emergency dissemination in rural and disaster-prone areas. Urban stations, reliant on IP-based controls, face amplified risks from DDoS precursors. The incidents underscore gaps in the Emergency Alert System, established in 1997, which lacks end-to-end encryption for over 70 percent of endpoints.
For US consumers, the hacks erode confidence in tools like the Wireless Emergency Alerts on smartphones, which relay radio signals. The FCC plans public awareness campaigns in Q1 2026, emphasizing verification of alerts via multiple sources. Station owners, including Cumulus Media, are investing $200 million collectively in upgrades, prioritizing AES-256 encryption for remote access.
Broader cybersecurity implications extend to integrated broadcast-IP hybrids, where 5G backhaul introduces new attack surfaces. Experts recommend zero-trust architectures, segmenting control networks from content streams. As investigations continue, the FCC warns of potential fines up to $500,000 per violation, signaling a crackdown on non-compliant operators.
These events highlight the fragility of analog-digital convergences in public infrastructure. With 91 percent of Americans relying on radio for emergencies, swift modernization is essential. Collaborative efforts between regulators and tech firms aim to fortify resilience, ensuring alerts serve as lifelines rather than liabilities.
