Security Researcher Finds Coldplay Lyrics in Kingston SSD Firmware

Kingston SSD firmware lyrics
(Image credit: Future)

A security researcher has found an unexpected dollop of data in a firmware update released for Kingston's KC2000 M.2 NVMe SSD product line. But this isn't a bug or vulnerability — what he found were the lyrics from a Coldplay song. Nicholas Starke was understandably somewhat astonished by his discovery, so reached out to Bleeping Computer to discuss the seemingly random act of stuffing soft-rock lyrics in SSD firmware.

"I have absolutely no clue why it is in the firmware," Starke told Bleeping Computer, adding that, in his years as a researcher and reverse engineer, he has "seen nothing like it." Sadly, the source publication wasn't able to help Starke with his query, but confirmed that the lyrics were indeed squirreled away in the KC2000 firmware. Kingston has yet to comment on the finding, and the only possible reason Bleeping Computer can suggest for lyrics' inclusion is "as sample data for testing."

(Image credit: Future)

We also checked out the firmware, which is still available direct from Kingston Support at the time of writing. You can download the firmware and fire up a hex editor (or use an online one) and load up the 'S2681103.bin' file. A quick search for one of the lyric strings such as 'ComeUpToMeet' will bring you to the start of the firmware section where words from Coldplay's The Scientist can be found.

The firmware version under scrutiny was released in early 2020, according to the release notes. It delivers "improved performance in some QD1 workloads," but there's no mention of the musical/lyrical enhancement contained within.

This isn't the first time we've seen strange, seemingly unrelated data hidden away in computer resource files. Last month we noted that Apple had been including a PDF of the Bitcoin whitepaper within every MacOS release since 2018. Apple's Bitcoin PDF has subsequently been removed.

Mark Tyson
News Editor

Mark Tyson is a news editor at Tom's Hardware. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

  • edzieba
    Padding bytes can be zeroes, noise, or eastereggs, as long as it pads out the total length.
    Reply
  • Okay, this is interesting.

    So what's next ? METAL and Rock band lyrics embedded in UEFI/BIOS ? :tearsofjoy: (y)

    RB-RcX5DS5AView: https://www.youtube.com/watch?v=RB-RcX5DS5A&ab_channel=Coldplay
    Reply
  • helper800
    edzieba said:
    Padding bytes can be zeroes, noise, or eastereggs, as long as it pads out the total length.
    Why would anyone need or want padded data in a firmware update?
    Reply
  • bit_user
    Well, it's certainly a departure from good ol' Lorem Ipsum.

    I'd be mildly concerned about copyright infringement claims, if including something like lyrics to a pop song.
    Reply
  • Dr3ams
    If you play it backwards...a sinister voice will blaspheme in Latin.
    Reply
  • RandomLegoBrick
    internal programmer love drama
    Reply
  • JTWrenn
    helper800 said:
    Why would anyone need or want padded data in a firmware update?
    They can without any issues is what they are saying. The way data is stored it wouldn't even take up more space, just fill in the edges of blocks that are already taken up. Doesn't hurt it, doesn't help it, just extra space. Like writing in the margins of a sheet of paper. No matter what the whole paper is going to be used to carry your writings...there is just extra space that is being used to transport your words and is filled with nothing so you can add a note and not change a thing.
    Reply
  • Sluggotg
    Back in the Amiga Days, I looked at a lot of Boot Blocks on Amiga Game Disks. Some had interesting messages. Cussing you out for looking at the boot block etc. (They assumed anyone looking there was a Hacker trying to break the copy protection). I don't mind these things, but it does bring up the possibility of something sneaking through that could be some form of Malware. Looks like they were having some fun.
    Reply
  • Elusive Ruse
    I'd be more impressed if they had inserted Kingston Wall lyrics instead of Coldplay.
    Reply
  • mitch074
    If it's pure padding, i's no skin off anyone's nose. It could also be an easy way to make reading through the firmware a bit more difficult - if you pad stuff with zeroes or Lorem Ipsum, it's easy to track... A Coldplay lyrics sheet is far less likely, and should be harder to locate - even harder than random noise.
    Reply