The listing of ‘Common vulnerabilities and exposures’ (Common Vulnerabilities and Exposures, in English) is a public registry —maintained with funds from the US National Cybersecurity Division— in which accredited organizations notify the detection of new vulnerabilities in computer systems. Each new vulnerability receives an identifier code with a format similar to this: CVE-2022-38392.





In fact, this code corresponds to one of the latest vulnerabilities detected and is possibly one of the strangest that have ever been —or will be— part of this list. Because in this case, the vulnerability is not a security hole that allows escalation of privileges, or a buffer overflow that can hang your computer, no. This is a music video.

a music video capable of altering the operation of a hard drive.

But this girl didn’t sing so bad, right?

Specifically a video of Janet Jackson in 1989. “Janet Jackson had the power to crash laptops,” Raymond Chen announced on his developer blog at Microsoft.com

Turns out the music video for ‘Rhythm Nation’ (see below) is capable of blocking certain laptop models, the company that made them discovered while investigating the abnormal behavior of some of them. The name of this company has not been revealed, but he did discover that some models from other manufacturers suffered from the same problem.

But how did he get that? Was the song that bad? Well, artistic judgments aside, it was discovered that the ‘Rhythm Nation’ video contained one of the natural resonance frequencies for the 5400rpm model of hard drives used by the affected models. In fact, the description of the problem in the CVE lists it as a vulnerability against ‘resonance frequency attacks’.

Any body or system with one or more own resonance frequencies and, when subjected to them, they are capable of provoking their maximum state of vibration…which, in the case of a hard drive, tends to be a bad idea. It sounds strange, but it’s a well-known engineering problem…

…although don’t trust it if —as Raymond Chen does on his blog— they give you the famous collapse of the Tacoma Narrows Bridge as an example of this. Better think about the example of the opera singer hitting the note that causes the crystal glasses to start exploding.. In any case, bridges aside, it is not the first time that it has been verified that the human voice is capable of altering the latency of the read/write operations of a hard disk:

Actually, this vulnerability was discovered several years ago, shortly after laptops went on sale (around the year 2005); the manufacturer fixed the issue by adding a custom filter in the audio pipeline that detected and eliminated the dangerous frequencies in question during audio playback.

If they have revealed it now, we suppose, it is mainly because most of those laptops released with 5400rpm hard drives are no longer in use. And because hardly anyone listens to Janet Jackson anymore.

Via | The Register