Janet Jackson’s Music Video is Now a Vulnerability for Crashing Hard Disks
Janet Jackson’s Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.
Assigned CVE-2022-38392, the vulnerability we are talking about is a Denial of Service (DoS), specifically a side-channel attack that causes hard drives of some laptop PCs from 2005 to malfunction and crash. And, it’s to do with a physical phenomenon known as resonance that might take you back to your high school days.
Rhythm Nation’s frequency hits hard drives, hard
A broken record, and “tape stop” are all too familiar terms for DJs and music enthusiasts, but a song crashing hard disks you say? Now that would make anyone glare.
Also Read: Expedited Data Breach Decision: PDPC Guide on Active Enforcement
In a succinct writeup, Microsoft blogger Raymond Chen has revealed this week why playing a certain music video, back in the day, would crash some laptops.
“A colleague of mine shared a story from Windows XP product support A major computer manufacturer discovered that playing the music video for Janet Jackson’s ‘Rhythm Nation’ would crash certain models of laptops,” describes Chen.
“I would not have wanted to be in the laboratory that they must have set up to investigate this problem. Not an artistic judgement.”
Not just that, playing the music video was, according to Chen, even crashing laptops made by competitors.
Chen reflects that investigators discovered something even weirder:
“Playing the music video on one laptop caused a laptop sitting nearby to crash, even though that other laptop wasn’t playing the video!”
“It turns out that the song contained one of the natural resonant frequencies for the model of 5400 rpm laptop hard drives that they and other manufacturers used.”
Resonance is a physical phenomenon by which the sound produced by an object vibrates at the same frequency as the sound waves from another object. This can give rise to an increased amplitude.
This is how bridges have collapsed in the past and also why soldiers break stride when marching across a bridge.
Music video gets a CVE
It’s official. Rhythm Nation has been deemed a security vulnerability and assigned identifier, CVE-2022-38392 by MITRE.
Also Read: February 2022 PDPC Incidents and Undertaking
Although realistically speaking, the security risk from playing the music video in this day on modern equipment would be virtually non-existent.
Even back in the day, Chen explains, manufacturers resolved this problem “by adding a custom filter in the audio pipeline that detected and removed the offending frequencies during audio playback.”
So much hassle from a soundtrack!
“And I’m sure they put a digital version of a ‘Do not remove’ sticker on that audio filter (Though I’m worried that in the many years since the workaround was added, nobody remembers why it’s there. Hopefully, their laptops are not still carrying this audio filter to protect against damage to a model of hard drive they are no longer using.),” mocks the blogger.
In 2017, a security researcher named Alfredo Ortega demonstrated how playing a 130Hz tone could make an HDD stop responding to commands almost entirely.
The same year, scientists from Princeton and Purdue published research explaining acoustic attacks on hard drives that could sabotage PCs, ATMs and CCTV systems.