Quick News Bit

Microsoft: Janet Jackson’s ‘Rhythm Nation’ assigned CVE-2022-38392 for crashing laptops

0
the-old-hard-disk-drive-is-disintegrating-in-space.jpg

Getty Images/iStockphoto

Playing Janet Jackson’s ‘Rhythm Nation’ on some older laptops causes them to crash. Microsoft veteran Raymond Chen explains why. 

According to Chen, a “major computer manufacturer” at some point in the 2000s discovered that Rhythm Nation, a Jackson hit released in 2009, was crashing some laptops and caused a nearby laptop to crash even though it wasn’t playing the song.

The reason, explains Chen, is that Rhythm Nation contained one of the “natural resonant frequencies” on laptops with 5400rpm hard drives. Fortunately, devices with disk spinning at 5400rpm are only common in older laptops. He heard the story from a fellow employee working on a Windows XP support issue. Most laptops today come with Solid State Drives (SSD) with no spinning disk, so it should be safe to play Rhythm Nation on YouTube from these.

“It turns out that the song contained one of the natural resonant frequencies for the model of 5400rpm laptop hard drives that they and other manufacturers used,” explains Chen.

Via The Register, the bug has now been issued a Common Vulnerabilities and Exposures (CVE) identifier by MITRE, the US government-backed organization that maintains the CVE system for tracking security bugs. It describes CVE-2022-38392 as a denial of service flaw caused by a “resonant frequency attack” via the Rhythm Nation music video.

“A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in approximately 2005, allows physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video,” MITRE says. 

As a reader of The Register pointed out, “resonant feedback” is a well-known engineering issue and is why soldiers break step when crossing a bridge. British soldiers marching in unison reportedly caused the Broughton suspension bridge to collapse in 1831 due to mechanical resonance induced by soldiers’ footsteps.      

Chen points to the Tacoma Narrows bridge near Microsoft’s HQ in Seattle, which collapsed in 1940 due to high winds. History.com reported that the bridge was vulnerable to vibrations generated by wind. When the frequency oscillations reached a certain point, it collapsed. 

Sound also causes vibrations, and these are known to negatively impact disk performance. Chen points to a humorous 2009 video by well-known engineer Brendan Gregg, then at Sun Microsystems working on its Solaris Fishworks analytics software. Gregg demonstrated what happens to disk performance when your datacenter admin, enraged at another Java bug, decides to roar at a disk array. His shouting measurably increased disk latency and slowed I/O operations. “High latency caused by disk vibration is a real issue,” concludes Gregg.   

The OEM whose laptops were affected by Jackson’s song worked around Rhythm Nation by including a custom filter in the audio pipeline that detected and removed the specific frequencies during audio playback. Chen wonders if the vendor remembered to remove the filter now that it serves no purpose.

“And I’m sure they put a digital version of a “Do not remove” sticker on that audio filter. (Though I’m worried that in the many years since the workaround was added, nobody remembers why it’s there. Hopefully, their laptops are not still carrying this audio filter to protect against damage to a model of hard drive they are no longer using.)”

In recent years, researchers have discovered multiple acoustic-based side-channel attacks that can force a CPU to leak secrets.  

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment