Is Malware To Blame For Plane Crash That Killed 154?
from the were-they-flying-WindowsAir? dept
As someone who flies all too frequently, I'd be lying if I said I wasn't a bit spooked by a report that the Spanair flight 5022 crash from two years ago may have been caused -- at least in part -- by malware on a computer that failed to detect three technical problems. Apparently, the computer which monitored those things got some sort of trojan horse, and may have failed to set off the necessary alarms because of this. As for how the computer got infected... it sounds like investigators still are not sure, but someone sticking in an infected USB stick or some other remote network connection seem like the most likely culprit. Of course, the reports seem woefully lacking in details. It's unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft. Honestly, the report seems to raise a lot more questions than it answers, and if it's actually true, it makes me wonder why we're relying on software that can be disabled via some random malware to watch for life-and-death safety issues on airplanes...
Reader Comments
it's not that hard to imagine
[ link to this | view in chronology ]
Idjits
In other news, WTF stupid goddamn airline was NOT using a secure embedded unix OS for their goddamn airplanes? Srsly? WTF is wrong with them? Are they TRYING to get people killed?
[ link to this | view in chronology ]
Re: Idjits
It seems the ground computer was, at least, partially at fault for the incident and there's more than just malware to explain it. As for the OS on the ground, it could be anything from Win95 to the flavours of Linux used by such people as NASA, NATO, various militaries including the US and Canada.
[ link to this | view in chronology ]
Re: Re: Idjits
http://en.wikipedia.org/wiki/Flight_5022
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Malware can affect real-time processing
There are applications where timely alerts are critical, and can't be put off by extra processing overhead malware produces. It seems most likely [if malware is the cause] that some real time process was impacted. The alerts would have happened eventually, but in this case, too late.
[ link to this | view in chronology ]
Re: Malware can affect real-time processing
[ link to this | view in chronology ]
Re: Malware can affect real-time processing
Maintenance found a problem and worked on it. The idea is that he would log his work on the computer system and it would, if necessary, raise an alarm and ground the plane until further work is performed.
That would have happened if the computer system wasn't infected.
So no, I don't think you need this to be a "real-time" system. You only need it to be functioning. It's not like the plane will be taking off seconds, or even minutes after the maintenance is finished. You would not want to use a computer that takes hours to send a simple message like this.
But I would call it "mission critical" and all the computers on this system should be treated as such. I'd imagine this would be included on the list of safety recommendations.
Blame for the crash? No. Contributing factor? Possibly. The report did say that these technical problems "may have prevented the plane from taking off". Whether a problem-free plane could have warned the pilots of a problem is not clear.
[ link to this | view in chronology ]
Let's not flip out here.
Secondary - failure of warning system to warn the pilot of the error.
This particular failure may have grounded the plane to fix the warning system. Or not.
See original via Google translation:
http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.elpais.com%2Farticulo%2Fespana%2Fordenador%2FSpanair%2Fanotaba%2Ffallos%2Faviones%2Ftenia%2Fvirus%2Felpepiesp%2F20100820elpepinac_11%2FTes&sl=es&tl=en
[ link to this | view in chronology ]
Using Windows on a critical piece of HW?
Don't tell me anybody runs windows on critical hardware.
[ link to this | view in chronology ]
Re: Using Windows on a critical piece of HW?
The open source browser Chrome alone has been announcing holes in its browser on average once a day for the past three months.
Stop blaming Windows for every malware-infestation, and start assuming all networked Operating systems and browsers are vulnerable. It'll save you a lot of embarrassment later.
[ link to this | view in chronology ]
Re: Re: Using Windows on a critical piece of HW?
Yes, no system is 100% secure. Still, for a critical system one should pick reasonable software. And Windows hardly fits the bill.
[ link to this | view in chronology ]
As for the ground computer, there isn't enough information in the article that Pangolin linked as to the OS, what security measures were in place, who had access and so on to tell.
From what I can see and infer from the article I'd guess the OS was Windows, not Vista I hope, or a well known variety of Linux. Both can fairly easily be armoured against such attacks or installations. The fact that there was a 24 hour or more lag from the time a failure was logged on that machine till it was analyzed concerns me as well, as it indicates lax procedures.
That said, I can see how Pangolin comes to the conclusions he does and would add another one:
(a) Almost criminally lax processes and procedures in analysis of the logs.
[ link to this | view in chronology ]
Re:
Are you saying Vista is less secure than other versions?
[ link to this | view in chronology ]
Sounds more like scare tactic news reporting
[ link to this | view in chronology ]
I Thought I Had All The Reasons
[ link to this | view in chronology ]
The same can be said for automobiles headed in the direction of "drive by wire".
[ link to this | view in chronology ]
From the you've got it wrong again dept.. !!!
Flight control systems and the aircraft's internal network for passengers are not connected AT ALL.
Flight control systems do not use windows, or linux.
Why don't you write about the $4 billion dollar stealth bomber that crashed on takeoff due to a computer glitch !.
Moisture in the computer, maybe someone did not close the 'windows'... !!!..
But there is some good solid American design for you.. write about that !!!..
(we can build a 4 billion dollar stealth killing machine, that needs powerful computers to make it fly, and we can forget that computers and water do not mix together that well !!!.. )..
Some people will latch onto the most trivial, non-true, pointless piece of news trivia to try to push home an equally puerile and pointless issue..
I like the snide, semi-veiled attack on 'windows' as if that has anything to do with ANYTHING :)
[ link to this | view in chronology ]
Re: From the you've got it wrong again dept.. !!!
This person is not serious, he will not debate any issues and only appears to want to get angry responses to his posts.
He will repeat erroneous information even when people correct him multiple times.
Don't waste your time answering to this person, he is a troll and will feed on negative emotions.
[ link to this | view in chronology ]
The best explanation
The best explanation I have seen so far is on a slashdot comment: Swiss cheese
[ link to this | view in chronology ]
Let's get the blames right
1. The IT department shut down a system that may have been critical to the safety of flight operations.
2. Flight operations decided to maintain the flights in spite of the unavailability of an apparently critical safety system.
3. The airline senior management had decided to save the expense of having a backup system for an apparently critical safety function.
So, either that system was critical, and the blame resides (1) with the company executives for operating without proper safety systems in place, (2) with the company IT for not having proper business continuity procedures, (3) the company Network Security for letting the malware in, and (4) with the Pilot In Command who made the decision to take off without having all the information needed (standard FAA language, and I am sure it is the same in other jurisdictions).
Or, possibly, that system was not critical, and the malware is just a convenient scapegoat, with the added benefit of agitating opinion to allow more controls on the internet - which may have absolutely nothing to do with the accident.
Either way, whatever malware may have been there is way down the list of blamees.
[ link to this | view in chronology ]
Re: Let's get the blames right
[ link to this | view in chronology ]
Malware...
That being said, machines that are related to critical safety issues should not be on the net.
[ link to this | view in chronology ]
FAA and other regulatory bodies responsible for certification of flight control software follow technical specification DO-178B (http://en.wikipedia.org/wiki/DO-178B). Part of this certification process requires examination of every line of code that comprises the executable. Over the years, MS has been unwilling to allow that kind of detailed examination of Windows source code, and as such there are NO certified passenger-carrying aircraft today that have ANY MS Windows code OF ANY KIND executing in flight control systems. Period.
As to "catching a virus", once loaded via approved (and secure) manufacturer approved process, flight control computers are LOGICALLY and ELECTRICALLY isolated from any other "information processing" systems. So, unless someone has VERY SPECIFIC AND INTRICATE knowledge about the flight control software and load process, and has PHYSICAL access to the aircraft and computers in question, and has the time and equipment to load the "malware" in question, it is virtually impossible for a flight control computer to "get malware" in the same way that network-attached windows boxes catch malware.
To be sure, over the years, especially in the early days of "fly by wire", poor flight control software has resulted in tragedy where aircraft and lives were lost. Flight control software has evolved tremendously, and such software has actually PREVENTED numerous accidents rather than being the cause of them. While I'm sure there are still some "dark corners" of the atmospheric flight envelope that may potentially be beyond current software flight control law software, NO passenger jet flown by competent, rational pilots operating within aircraft limits and tolerances WILL EVER encounter those limits. Period.
I hope this helps allay the fears stated above about flight control computers.
[ link to this | view in chronology ]
Will they ever learn ??? :)
And PHYSICALLY isolated.
I don't think many people here actually have any understanding about what they are talking about here. Apart from you.
They seem to see 'a computer' as a "pc" with network connections, hard drives, PCI slots and so on.
A flight control computer is nothing like that, it is not network connected, it does not use an "Operating system" as such, they are usually dedicated machines, the 'software' is 'firmware'. It is physically burned into ROMs with a separate burner. Therefore to change the code you have to dismantle the 'computer', unplug the ROM, erase it (UV light usually), and re-burn new code into it.
A lot to do to get 'malware' into a computer.
In fact, as was stated before, it's not only not possible, it's also really quite silly to think otherwise...
These systems are carefully designed, and tested, and tested and tested. Linux or windows does not even get a look in.
As for MS not making their code available, that is not true, if you are a large client of MS you can ask for and get the source code for microsoft products.
Apart from the many universities, and institutions that have access to the source code.. And government and so on.
Microsoft does not cater for the small market of flight control, they are specialised computers and software.
Microsoft creates consumer products, and seem to do quite well, for all the whining about them.
But to try to tie a terrible accident where people were hurt or killed and using that for a cheap stab at Microsoft is just bad... it's what I would call scraping the bottom of the barrel..
[ link to this | view in chronology ]
Re: Will they ever learn ??? :)
[ link to this | view in chronology ]
Some things get lost in translation
Pointing the finger of 'blame' at any operating system is pretty meaningless; the blame in this case lies square on the idiots who think it's cool to compile malware of any kind. This is not an isolated incident either. A hospital computer was hacked but in doing so, cross-linked patient files resulting in the wrong medications being given. They 'killed' several who would have survived but the individual responsible was never identified, instead they sacked three doctors and IT staff.
Unfortunately, any system can be compromised even by something as trivial as a bad wiring connection and having worked in avionics myself, I have seen many examples.
Relying wholly on software is just asking for trouble.
[ link to this | view in chronology ]
It's still stand alone
NO.. there is no computer code or computer instructions passed between the aircraft and the ground, it's no different than receiving an input from the air speed indicators. It's just an input, or an output.
Data, not code.
There is NO data connection between computers, or more specifically no CODE transferred.
Squawk codes, and position, airspeed inputs and outputs are not going to reprogram a flight control computer.
These systems are programmed to ignore wrong information, but NO, aircraft do not 'log onto a network' when they come to land.
There is still NO WAY for code to be introduced into a closed computer, with EPROM RAM, without physically dismantling the computer, removing the ROM, erasing it, and installing checksum correct code.
So again, this is pure FUD... But certainly at the level expected from Mike. and 'Techdirt'..
Ever heard the statement.
"you're SO LOW, you are lower than DIRT".
[ link to this | view in chronology ]
Malware ?!
In my opinion critical systems should be totally isolated from the outside world...and their main operating system files should be read only and encrypted so that only someone with the proper clearance and physical access can modify anything.
Sorry for the poor English skills :)
[ link to this | view in chronology ]
Not Windows? MSNBC and CBS have been doing what they get paid to do...
http://techrights.org/2010/08/26/aviation-and-windows-2/
[ link to this | view in chronology ]