Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop
Janet Jackson
Jonathan Greig August 20, 2022

Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop

Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop

Hide your laptops if you hear Janet Jackson’s “Rhythm Nation” — a bug related to the 1989 hit song has officially been declared a security issue in need of a CVE.

Tagged as CVE-2022-38392, the vulnerability comes from a phenomenon discovered by Microsoft where playing “Rhythm Nation” would cause any laptop with a certain hard drive to crash.

In its CVE page, the MITRE organization said the 5400 RPM OEM hard drives were shipped primarily with many laptop PCs around 2005. If played near these laptops, the song causes “a denial of service (device malfunction and system crash) via a resonant-frequency attack.”

Microsoft’s Raymond Chen released a blog about the bug this week, explaining that a colleague of his working in Windows XP product support said a major computer manufacturer discovered the bug and noted that it even worked when “Rhythm Nation” was played from a nearby laptop. 

“It turns out that the song contained one of the natural resonant frequencies for the model of 5400 rpm laptop hard drives that they and other manufacturers used,” Chen explained. “The manufacturer worked around the problem by adding a custom filter in the audio pipeline that detected and removed the offending frequencies during audio playback.”

Microsoft published a poll before releasing the blog asking Twitter to guess which song was the culprit behind the bug they discovered, with many guessing Vanilla Ice’s “Ice, Ice Baby.” “Rhythm Nation” came in second place. 

Chen himself drew ties to the 1940 Tacoma Narrows Bridge collapse as another example of natural resonant frequencies. 

The poll led to a fun discussion among cybersecurity experts about similar audio-related quirks and vulnerabilities that could take down laptops.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.