Microsoft has attributed CVE-2022-38392 to Janet Jackson’s “Rhythm Nation” for crashing laptops

‘Rhythm Nation’ by Janet Jackson has been known to crash certain outdated PCs. Raymond Chen, a Microsoft veteran, provides an explanation.

According to Chen, in the early 2000s, a “big computer manufacturer” noticed that Jackson’s 2009 hit Rhythm Nation was crashing some computers and even causing a nearby laptop to crash even though it wasn’t playing the song.

Chen notes that this is due to the fact that Rhythm Nation was encoded with one of the “natural resonance frequencies” of laptops with 5400rpm hard drives. These days, 5400rpm discs are mostly found in antiquated laptops, so you can breathe a sigh of relief. A coworker he was collaborating with on a Windows XP support issue told him the tale. Playing Rhythm Nation on YouTube from a modern laptop shouldn’t damage the drive, as most of them now have Solid State Drives (SSD) instead of a spinning disc.

It turns out that the song has one of the natural resonance frequencies employed by the designers of the 5400rpm laptop hard drives, as explained by Chen.

A Common Vulnerabilities and Exposures (CVE) identifier has been assigned to the flaw by MITRE, a US government-backed body that oversees the CVE system for monitoring security problems, as reported by The Register. It explains how the Rhythm Nation music video is exploitable via a “resonant frequency attack” (CVE-2022-38392), which can lead to a denial of service.

A resonant-frequency attack using the audio signal from the Rhythm Nation music video can cause a denial of service (device malfunction and system crash) on a specific 5400 RPM OEM hard drive, as shipped with laptop PCs in around 2005, according to MITRE’s findings.

A Register reader pointed out that the reason troops walk out of step when crossing a bridge is due to “resonant feedback,” a well-known problem in engineering. In 1831, the Broughton suspension bridge supposedly collapsed due to mechanical resonance created by the footfall of British soldiers marching in tandem.

Chen mentions the Tacoma Narrows bridge, which was destroyed by winds in 1940 and is located not far from Microsoft’s headquarters in Seattle. According to History.com, wind vibrations could cause damage to the bridge. There was a breaking point reached when the frequency oscillations became too great.

Disk performance is known to suffer from vibrations brought on by noise. Chen refers to a hilarious movie made in 2009 by Brendan Gregg, a well-known engineer who was working on the analytics package Solaris Fishworks at Sun Microsystems at the time. Gregg showed us what happens when a datacenter administrator gets so worked up about yet another Java problem that he or she decides to yell at a disc array. Because of his loud voice, disc latency and I/O operations were noticeably slowed. Gregg draws the conclusion that “high latency induced by disc vibration is a serious issue.”

The original equipment manufacturer (OEM) whose laptops were damaged by Jackson’s song developed a workaround called a bespoke filter that was integrated into the audio pipeline and was designed to identify and eliminate the offending frequencies during playback. To Chen’s knowledge, the filter is now redundant, but he wonders if the vendor remembers to take it off the market.

“The equivalent of a “Do not remove” label was probably placed on the digital audio filter. (However, I am concerned that in the many years since the workaround was implemented, no one will recall its original purpose. Hopefully their laptops haven’t been carrying around that audio filter all this time, protecting an old kind of hard drive they no longer use.”

Recently, researchers have uncovered a variety of acoustic side-channel attacks that can coerce a CPU into leaking sensitive information.