Subject: Re: CVE-2022-38392: 5400 RPM hard drives resonant-frequency attack with music video
On Sun, 6/14/2026 9:24 PM, VanguardLH wrote:
"Mr. Man-wai Chang" <toylet.toylet@gmail.com> wrote:
NVD - CVE-2022-38392
<https://nvd.nist.gov/vuln/detail/CVE-2022-38392>
Current Description
Certain 5400 RPM hard drives, for laptops and other PCs in approximately
2005 and later, allow physically proximate attackers to cause a denial
of service (device malfunction and system crash) via a
resonant-frequency attack with the audio signal from the Rhythm Nation
music video. A reported product is Seagate STDT4000100 763649053447.
Related:
17 ?? OpenAI ??????? ???? HDD ?????????? - ????
<https://www.hkepc.com/26012/?
Shouting in the Datacenter - YouTube
<https://www.youtube.com/watch?v=tDacjrSCeq4>
But couldn't adjacent 5400 RPM HDDs generate vibrations at frequencies
to cause the same effect? Be interesting to see what effect the same
testing (for the yell test) would disclose if the 5400 RPM HDDs were
physically separated into separate racks with each rack using vibration
dampeners.
Disk drives vary in price considerably, and what you get
inside depends on that price.
We could start with a WD Blue. That's a very basic drive. It would
have a voice coil, but whatever other head actuators it has, would
be guesswork.
The better drives have three positioners. The voice coil is one
of those. There are two others nearer to the head. One of the fine
positioners is piezoelectric and driven by a pattern generated via a DSP.
There is a thermal actuator for vertical movement. The head
moves 1 nm closer to the platter, on a write. And a thermal element
was used for that. Even a WD Blue would have one.
The WD Blue has no high fly detect. I know this, because using
a hex editor and "getting close" as in adjacent to a CRC error,
I could see a sector which was written with "stale" data. At
that point, the head was too high to write anything, so the CRC
on that block was still good. The adjacent sector had a CRC error,
as the write current was just enough to foul up the contents.
One way of detecting a high-fly event, is with an analysis of the
write current magnitude. If the head is at normal height, the
write current has one look to it. And using a DSP, they can spot
when the current flow is outside of an acceptance envelope. Any drive
slightly more expensive than the WD Blue should have that.
At some point, the number of actuators is called for by the data density,
and even without vibration protection mechanisms, you'd need that degree
of precision for the drive to work. So if they made a WD Blue 24TB, then you
would expect it has some of the kit that an Enterprise drive would have.
You will notice some drive datasheets show BER 1E-14 and BER 1E-15,
and this implies something about the kit inside the drive.
A good drive can accept the vibration of eight or sixteen neighbors
(operating at nominally the same frequency). Some of the correction
mechanisms might be "predictive", others are "reactive". We would
expect our WD Blue to be totally reactive and gutless. That's because
no expense is wasted on making it a better product.
The HGST site could take patent information and do a writeup
for laymen, explaining how a certain thing would be a benefit. Since
HGST was bought by WDC, there's less and less reason for tutorial
articles to appear. Some of the WDC drives are "obviously" HGST,
because of the style of the housing. No attempt was made to
make all the hardware look the same. And some product lines
are coming only from WDC factories, others coming from HGST
factories. It's just possible that the WDC factory has less
Helium as an input material (more air breathers coming from there),
whereas the HGST would have a high percentage of two-lid Helium
drives.
If yelling at a drive inside a locked server room in an
Enterprise environment, actually worked to disturb any of
the modern kit in there, I would be "surprised", considering
the amount of tech-junk that is inside an $800 drive.
You can tell a quality drive, because it "hums more". The hum
is coming from the stage that controls fine correction and
the hum should be proportional to the rotation rate
(as the correction pattern is applied over and over again).
A WD Blue on the other hand, it would be a question of what
it wasn't sensitive to. And especially for a 2,3,4TB drive
where the areal density leaves room for cutting corners.
The speed doesn't have to be 5400. It can be 5900 or 5300 or
the drive can even modulate the speed according to activity.
A 7200 RPM drive is likely to be 7200 RPM, but some of the
datasheets are <cough> mis-labeled, and you cannot believe
everything you read. I've caught transcription errors in datasheets,
where two different datasheets (for the same product), disagree
on the specs. It's a business just chock-full of scumbags :-/
WDC declared they were "sold out for 2026". Yet, batches
of "smaller" drives have shown up at my computer store.
It means they are still arranging the staff to manually
build lots of the non-AI-era drives, as it suits them.
I would guess this is a measure of their confidence in
the bubble bursting and them having to face hostile
customers screwed-over by this era. While today, I might
be able to buy an 8TB drive at my store, it might be 40% more
than January. Mother Teresa is not running this business.
Paul