Yes, you’ve read that headline correctly! Janet Jackson’s 1989 pop hit Rhythm Nation has been declared as a cybersecurity vulnerability after Microsoft reported it can freeze or crash old laptops.
Janet Jackson on her 1989 hit Rhythm Nation sang, “WTF! People of the world today, are we looking for a better way of life?”, unaware of the fact that the better way of life she was singing about didn’t include certain hard drives. It’s just been discovered that this particular song has the power to freeze some hard drives on older laptops, especially those laptops from the mid-2000s. Thus, it has now been declared as a cybersecurity vulnerability.
The Microsoft researcher Raymond Chen, said that one of his colleagues shared a story from Windows XP product support that described how Jackson’s track would crash particular models of laptops while playing it within proximity of the device.
Later, during his investigation, Raymond Chen found that the audio signal from this music video crashed some of their competitors’ laptop computers. But there was more to it than that. It also discovered that playing it on one system caused other nearby systems to crash.
The quirk is that this song contains one of the natural resonant frequencies for the model of 5400 rpm laptop hard drives that they and other manufacturers used.. It caused the HD platters to contact the drive head, resulting in a crash.
The laptop manufacturers addressed this quirk by adding a custom filter in the audio pipeline that detected and removed the offending frequencies during audio playback. The phasing out of 5,400 RPM hard drives in laptops and the declining popularity of Jackson’s song likely helped, too.
In spite of that, on August 17 2022, this problem was added to the register of Common Vulnerabilities and Exposures by The Mitre Corporation and has been acknowledged by security vendor Tenable. As a result, the Rhythm Nation music video has been listed as CVE-2022-38392 and described as “a particular 5400 RPM OEM hard drive (shipped with laptop PCs in approximately 2005) which allows physically proximate attackers to cause device malfunction or system crash via a resonant-frequency attack with the audio signal.
In April 2021, researchers at the Ben Gurion University in Israel exhibited a novel technique called AiR-ViBeR that could steal data from air-gapped PCs (systems that are physically isolated with no online access) without being detected.
The proof-of-concept has its origin from the theory that it’s possible to utilize vibrations generated by electromechanical components (CPU, GPU, or case fans) in combination with special malware that is capable of encoding the data to be transmitted via direct manipulation of the fan speed.
