A security researcher has found an unexpected dollop of data in a firmware update released for Kingston's KC2000 M.2 NVMe SSD product line. But this isn't a bug or vulnerability — what he found were the lyrics from a Coldplay song. Nicholas Starke was understandably somewhat astonished by his discovery, so reached out to Bleeping Computer to discuss the seemingly random act of stuffing soft-rock lyrics in SSD firmware.
"I have absolutely no clue why it is in the firmware," Starke told Bleeping Computer, adding that, in his years as a researcher and reverse engineer, he has "seen nothing like it." Sadly, the source publication wasn't able to help Starke with his query, but confirmed that the lyrics were indeed squirreled away in the KC2000 firmware. Kingston has yet to comment on the finding, and the only possible reason Bleeping Computer can suggest for lyrics' inclusion is "as sample data for testing."
We also checked out the firmware, which is still available direct from Kingston Support at the time of writing. You can download the firmware and fire up a hex editor (or use an online one) and load up the 'S2681103.bin' file. A quick search for one of the lyric strings such as 'ComeUpToMeet' will bring you to the start of the firmware section where words from Coldplay's The Scientist can be found.
The firmware version under scrutiny was released in early 2020, according to the release notes. It delivers "improved performance in some QD1 workloads," but there's no mention of the musical/lyrical enhancement contained within.
This isn't the first time we've seen strange, seemingly unrelated data hidden away in computer resource files. Last month we noted that Apple had been including a PDF of the Bitcoin whitepaper within every MacOS release since 2018. Apple's Bitcoin PDF has subsequently been removed.
