The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.
“A colleague of mine shared a story from Windows XP product support,” wrote Microsoft blogger Raymond Chen.
The story detailed how “a major computer manufacturer discovered that playing the music video for Janet Jackson’s Rhythm Nation would crash certain models of laptops.”
Further investigation revealed that multiple manufacturers’ machines also crashed. Sometimes playing the video on one laptop would crash another nearby laptop. This is mysterious because the song isn’t actually that bad.
Investigation revealed that all the crashing laptops shared the same 5400 RPM hard disk drive.
“It turns out that the song contained one of the natural resonant frequencies for the model of 5400 RPM laptop hard drives that they and other manufacturers used,” Chen wrote.
The manufacturer that found the problem apparently added a custom filter in the audio pipeline to detect and remove the offending frequencies during audio playback.
Few modern machines have hard disk drives, never mind drives that rotate at the unfashionably slow speed of 5400 revolutions per minute. Also, hardly anybody listens to Janet Jackson anymore.
The Register nonetheless reports this news because The Mitre Corporation has seen fit to list it on the register of Common Vulnerabilities and Exposures (CVEs) – the definitive list of cybersecurity vulnerabilities we all need to watch out for.
It’s listed as CVE-2022-38392 and has already been acknowledged by security vendor Tenable.
While the bug seems comical, side-channel attacks are a real threat. Israeli researcher Mordechai Guri has found ways to attack computers including by making memory emit radiation in the same bands used by Wi-Fi and encoding information into those emissions.
Owners of laptops with old, slow, hard disks therefore need to be very careful if they hear Janet Jackson tunes while they work – which is why we’ve not embedded Rhythm Nation in this story.
But it does feel safe to remind readers of the weirdest bug The Register has previously encountered: Cisco’s alert about cosmic rays crashing some kit. ®