You’ve probably heard the old joke: “Humor in Public Service? This is no laughing matter!”
But the thing about these kinds of downbeat, blanket judgments is that it only takes a single counter-example to disprove them.
Something cannot be universally true if it is ever false, even for a moment.
So, wouldn’t it be nice if the public service could be excited once in a while…
…as enthusiastic, in fact, as the catchy Janet Jackson dance number Rhythm Nation, released in 1989 (yes, it really was that long ago)?
It was an era of shoulder pads, MTV, big-budget dance videos, and in-your-ears and in-your-face lyrical music that even YouTube’s contemporary auto-transcription system sometimes renders like this:
Bass, bass, bass, bass ♪ (Upbeat R&B Music) ♪ Dance beat, dance beat
Well, as Microsoft superblogger Raymond Chen pointed out last week, this very song was apparently involved in a surprising system crash vulnerability in the early 2000s.
According to Chen, a major laptop manufacturer of the day (he didn’t say which one) complained that playing certain music through the laptop speakers was prone to crashing Windows.
The crashes were not limited to the laptop playing the song, but could also be triggered on nearby laptops that were exposed to the “vulnerability-triggering” music, even laptops from other vendors.
Resonance is considered harmful
Apparently, the final conclusion was that Rhythm Nation happened to consist of beats of the right pitch, repeated at the right rate, to provoke a phenomenon known as resonance in the laptop disk drives of the day.
Roughly speaking, this resonance magnified and exaggerated the natural vibrations in hard disk drives (which actually consisted of hard disks at the time, made of steel or glass and spinning at 5400rpm) to the point that they would crash, bringing down Windows XP with them.
Resonance, as you may know, is the name given to the phenomenon by which singers can shatter wine glasses by producing the correct note long enough to vibrate the glass to pieces.
Once they have locked the frequency of the note they are singing onto the natural frequency at which the glass likes to vibrate, their singing continuously increases the amplitude of the vibration until it is too much for the glass to take.
This is also what allows you to quickly build height and speed on a swing.
If you time your kicks or thrusts randomly, sometimes they boost your speed by acting in tandem with the swing, but other times they work against the swing and instead slow you down, leaving you swinging unsatisfactorily.
But if you time your energy input so that it always exactly matches the frequency of the swing, you continually increase the amount of energy in the system, and thus your swings increase in amplitude, and you gain height faster.
A skilled swinger (on a properly designed, well-mounted, “solid-arm” swing, where the seat is not attached to the pivot by a flexible rope or chain – don’t try this at the park!) can send a swing right over the top in a 360-degree arc with a few pumps…
…and, by deliberately timing their pumps out of sync to counteract the swing’s momentum, can quickly bring it to a complete stop again.
Proof of concept
We’re guessing there were probably plenty of other popular songs that could have provoked this hard-disk resonance to the point of failure, but Rhythm Nation was a proof of concept showing that the vulnerability could be actively exploited.
Chen reports that the laptop vendor added a frequency filter to the laptop’s own audio system to remove problematic frequency bands, thus leaving the sound audibly unchanged but acoustically harmless.
By filtering frequencies all the time, instead of trying to identify Janet Jackson’s song specifically, this electronic countermeasure became a generic and proactive cybersecurity fix, not just a specific patch for one tune.
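The filter described above can be sketched as a notch (band-stop) stage in the audio output path. This is an added example, not code from Chen’s post or from the laptop vendor; the article gives no resonant frequency, so `NOTCH_HZ`, `Q` and `SAMPLE_RATE` are placeholder assumptions.

```python
import math

SAMPLE_RATE = 48_000   # Hz; assumed audio output rate
NOTCH_HZ = 1_000.0     # placeholder: the article does not state the resonant frequency
Q = 8.0                # assumed sharpness; higher Q removes a narrower band

def notch_coefficients(f0, q, fs):
    """Biquad notch (RBJ audio EQ cookbook form), normalised so a0 == 1."""
    w0 = 2 * math.pi * f0 / fs
    alpha = math.sin(w0) / (2 * q)
    a0 = 1 + alpha
    b = (1 / a0, -2 * math.cos(w0) / a0, 1 / a0)
    a = (-2 * math.cos(w0) / a0, (1 - alpha) / a0)
    return b, a

def apply_biquad(samples, b, a):
    """Run the samples through the filter (direct form I)."""
    x1 = x2 = y1 = y2 = 0.0
    out = []
    for x in samples:
        y = b[0] * x + b[1] * x1 + b[2] * x2 - a[0] * y1 - a[1] * y2
        x2, x1 = x1, x
        y2, y1 = y1, y
        out.append(y)
    return out

def rms(samples):
    return math.sqrt(sum(s * s for s in samples) / len(samples))

def gain_db(freq_hz, seconds=0.5):
    """Steady-state gain of the notch for a pure test tone, in dB."""
    n = int(SAMPLE_RATE * seconds)
    tone = [math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE) for i in range(n)]
    b, a = notch_coefficients(NOTCH_HZ, Q, SAMPLE_RATE)
    filtered = apply_biquad(tone, b, a)
    settle = n // 2  # ignore the start-up transient
    out_rms = max(rms(filtered[settle:]), 1e-12)  # avoid log10(0)
    return 20 * math.log10(out_rms / rms(tone[settle:]))

if __name__ == "__main__":
    # Constructed test tones: one on the notch, two elsewhere in the audio band.
    for f in (200.0, NOTCH_HZ, 5_000.0):
        print(f"{f:7.0f} Hz -> {gain_db(f):8.2f} dB")
```

The tone at the notch frequency is attenuated to near silence while tones elsewhere in the band pass with a fraction of a decibel of change, which is why the filter can run all the time without audibly altering the music.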
Well, back to the issue of humor in public service…
…it turns out that someone at MITRE in the US, which coordinates the CVE bug numbers, has assigned the issue an official bug number, as follows:
CVE-2022-38392: Denial of Service (Equipment Malfunction and System Crash):
A certain 5400 RPM OEM hard drive, shipped with laptop PCs around 2005, allows physically proximate attackers to cause a denial of service via a resonant-frequency attack with the audio signal from a Rhythm Nation music video.
Even in a world where solid-state drives (SSDs, often still called disks although they don’t have circular parts, let alone rotating ones) are widespread, you can still buy old-school hard disks with moving parts, typically running at 5400rpm, 7200rpm and 10,000rpm.
Old-school hard drives typically offer much higher capacity for a much lower price than SSDs, but they’re rarely found in business-class laptops these days, because they’re slower, usually require more power, and aren’t as shock-proof as their transistorized cousins.
What to do
Whether SSDs are vulnerable to music that focuses on other frequency ranges or amplitudes, we can’t say.
While R&B may have been the Achilles heel of rotating-media storage devices in the early 2000s, perhaps loud but low-tuned, sludgy, old-school “coding music” may eventually prove too much for fully digital solid-state laptop storage?
We don’t expect fans of bands like The Melvins, Sleep, Monolord and the like to take unnecessary experimental risks with their own laptops.
But if anyone knows any heavy-duty riffs that can be turned into exploits…
…they may qualify for CVE numbers, although we don’t know where these types of vulnerabilities would fit into the MITRE ATT&CK Tactics, Techniques and Procedures framework.
Please suggest in the comments!