An explicit podcast about furries went out on several US radio stations after a somewhat bizarre hacking incident.
Listeners to at least three stations were unexpectedly treated to most or all of an episode of FurCast, a podcast for people with a very particular interest in anthropomorphised animals, often in the form of adults wearing costumes. The makers of the podcast have made clear they had no involvement in the unauthorized broadcast.
The incident appears to have been either a prank or a stunt to expose security weaknesses in Barix, a streaming box used by some radio stations to automate playouts. FurCast says its logs show an unexpected rise in the number of requests to stream its content, all of which were listed as “Barix Streaming Client.”
The problem appears to have been two-fold. Firstly, the boxes were configured in a way that made them easily discoverable online, including on “Internet of Things search engine” Shodan. Secondly, despite the boxes allowing for passwords up to 24 characters, some of those compromised appear to have passwords set as short as six characters.
The people behind FurCast say they took immediate action on discovering the breach, which was around eight hours after it began. As well as blocking requests from the compromised IP addresses, they changed the URL of their podcast stream.
They added that they did not welcome the unexpected exposure. “Our content is discovered by individuals who specifically seek what we produce, and they do not normally come into contact with it via public means. We have no interest in being discovered by a mainstream audience.”