Janet Jackson's Denial of Service (DoS) Attack
Janet Jackson might not be the first person who comes to mind when you think of a hacker. But she inadvertently created a malicious payload that performed a Denial of Service (DoS) attack on many different hard drive models manufactured in 2005 and later that rotated at a speed of 5400 rpm (revolutions per minute).
How did it work?
If your computer had a 5400 rpm hard drive, all you had to do was play Janet Jackson’s Rhythm Nation music video and it would unleash an acoustic resonance attack that damaged the hard drive.
This is because the song contains a frequency that matches the natural resonant frequency of the drive. When sound waves at this frequency hit the drive, they cause the rotating platters inside it to vibrate excessively, damaging both the read/write heads and the areas of the platters that come into contact with them.
It’s the same principle that allows an opera singer to shatter glass by singing a particular note – that note would match the glass’s resonant frequency.
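Because resonance is frequency-selective, one defensive approach is to strip a narrow band around the drive's resonant frequency out of the audio before it reaches the speakers. The following is an added example, not code from the original post: it applies a biquad notch filter to a constructed two-tone signal and measures each tone before and after. RESONANT_HZ is a placeholder (the post does not give the real frequency), and all function names are hypothetical.

```python
import math

SAMPLE_RATE = 8000      # Hz, constructed for this demo
RESONANT_HZ = 1000.0    # placeholder: NOT the real drive frequency
MUSIC_HZ = 440.0        # stand-in for audio content we want to keep

def notch_coefficients(f0, fs, q=10.0):
    """Biquad notch centred on f0, normalised so that a0 == 1."""
    w0 = 2 * math.pi * f0 / fs
    alpha = math.sin(w0) / (2 * q)   # higher q gives a narrower notch
    a0 = 1 + alpha
    b = (1 / a0, -2 * math.cos(w0) / a0, 1 / a0)
    a = (-2 * math.cos(w0) / a0, (1 - alpha) / a0)
    return b, a

def apply_biquad(samples, b, a):
    """Direct-form I filter: y[n] from two past inputs and two past outputs."""
    x1 = x2 = y1 = y2 = 0.0
    out = []
    for x in samples:
        y = b[0] * x + b[1] * x1 + b[2] * x2 - a[0] * y1 - a[1] * y2
        x2, x1 = x1, x
        y2, y1 = y1, y
        out.append(y)
    return out

def tone_amplitude(samples, freq, fs):
    """Goertzel estimate of the amplitude of one frequency in the samples."""
    coeff = 2 * math.cos(2 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * math.sqrt(max(power, 0.0)) / len(samples)

def demo():
    # Constructed input: one second of "music" plus a tone at the placeholder band.
    signal = [0.5 * math.sin(2 * math.pi * MUSIC_HZ * n / SAMPLE_RATE)
              + 0.5 * math.sin(2 * math.pi * RESONANT_HZ * n / SAMPLE_RATE)
              for n in range(SAMPLE_RATE)]
    b, a = notch_coefficients(RESONANT_HZ, SAMPLE_RATE)
    filtered = apply_biquad(signal, b, a)
    return {
        "resonant_before": tone_amplitude(signal, RESONANT_HZ, SAMPLE_RATE),
        "resonant_after": tone_amplitude(filtered, RESONANT_HZ, SAMPLE_RATE),
        "music_after": tone_amplitude(filtered, MUSIC_HZ, SAMPLE_RATE),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

The notch removes almost all of the energy at the placeholder frequency while leaving the 440 Hz tone essentially untouched, which is why a narrow filter can protect the drive without audibly changing the music.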
Is this known by the cybersecurity community?
Yes, it is. Each known vulnerability that allows for an attack is formally recognized by the cybersecurity community with a Common Vulnerabilities and Exposures (CVE) entry – in this case, CVE-2022-38392. The CVE number indicates that it was officially cataloged in 2022. If you read the CVE description, you’ll note that it lists a recent Seagate hard drive model that is still affected by this vulnerability and was likely the one security researchers used to discover it.
Why is this attack important?
While this attack is not the result of a typical software vulnerability, it is treated with legitimate interest in cybersecurity circles for a few reasons.
Firstly, it’s a superb example of a side-channel DoS attack, where physical properties can be exploited to cause real-world hardware failures – something that is becoming increasingly common and is of key interest to security researchers. The same acoustic side-channel DoS attack described by CVE-2022-38392 is also used today to disrupt Micro-Electro-Mechanical Systems (MEMS) sensors in drones and smartphones. And similar Rowhammer side-channel DoS attacks are used today to exploit electrical interference between memory cells within your computer, tablet, smartphone, embedded, or Internet of Things (IoT) devices.
Secondly, it’s an important reminder that:
- Not all attacks are digital. Nearly any type of device can be compromised or crashed by real-world interactions.
- It sometimes takes decades to detect an attack. Just think of how many people experienced a failed hard drive since 2005 and didn’t realize it was because they played the Rhythm Nation song by Janet Jackson!
Did this attack happen to me?
Now that I look back on things, yes, I’m 95% certain it did, twice.
In 2005, I bought a 12" Apple PowerBook G4 that I used to write several textbooks for Cengage (then Course Technology). I found that I worked better in a public setting than at home, so I wrote the majority of my books at the Starbucks in the Kitchener Chapters location at the time. And yes, I plugged headphones into my PowerBook to listen to music while I wrote, and Rhythm Nation was definitely part of my iTunes playlist (it’s a great song).
While I don’t remember exactly what I was listening to when the 60 GB, 5400 rpm Toshiba hard drive failed, I do remember that I was having weird system issues and Word crashes during the whole afternoon. As a result, I was more aggressive at backing up my work – this was long before we had GitHub, so I just emailed new versions of my Word documents periodically to my online email account.
When the macOS operating system eventually froze and the system wouldn’t reboot successfully, I had lost only two paragraphs of Chapter 5 since my last backup. Reinstalling macOS on the drive wouldn’t complete due to the same hard drive crashes, so I replaced the hard drive myself with a 120 GB, 5400 rpm Fujitsu one that I got on sale.
A few years later, that Fujitsu drive also died. Damn you, Rhythm Nation.