Is Malware To Blame For Plane Crash That Killed 154?

from the were-they-flying-WindowsAir? dept

As someone who flies all too frequently, I'd be lying if I said I wasn't a bit spooked by a report that the Spanair flight 5022 crash from two years ago may have been caused -- at least in part -- by malware on a computer that failed to detect three technical problems. Apparently, the computer which monitored those things got some sort of trojan horse, and may have failed to set off the necessary alarms because of this. As for how the computer got infected... it sounds like investigators still are not sure, but someone sticking in an infected USB stick or some other remote network connection seem like the most likely culprits. Of course, the reports seem woefully lacking in details. It's unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft. Honestly, the report seems to raise a lot more questions than it answers, and if it's actually true, it makes me wonder why we're relying on software that can be disabled via some random malware to watch for life-and-death safety issues on airplanes...
Filed Under: airplanes, crash, malware


Reader Comments


  • icon
    Benny6Toes (profile), 23 Aug 2010 @ 8:44am

    it's not that hard to imagine

    trojans can cause all sorts of problems in a machine. they can overwrite/replace system files, they can delete other files, they can interfere with networking (no idea how the system talks to other systems on the plane), and they can simply eat up processing time and system memory. in any case, trojans can certainly cause all sorts of system instability once on a machine. honestly, i'd be more concerned that the plane i'm riding in is operating on windows or some other consumer-level OS. that's the real scary thing here. even scarier than that? if it was a custom OS and still contracted a trojan...

    link to this | view in chronology ]

  • icon
    :Lobo Santo (profile), 23 Aug 2010 @ 8:52am

    Idjits

    This sounds like a "let's make laws to control the internet and kill online anonymity" story. Obviously it's all the fault of those anonymous tech-savvy malware authors out there.

    In other news, WTF stupid goddamn airline was NOT using a secure embedded unix OS for their goddamn airplanes? Srsly? WTF is wrong with them? Are they TRYING to get people killed?

    link to this | view in chronology ]

    • icon
      TtfnJohn (profile), 23 Aug 2010 @ 9:35am

      Re: Idjits

      What photos I can find seem to point at Boeing 737 as the aircraft and it certainly uses fail safe, duplicate process, hardened unix as the OS for on board systems.

      It seems the ground computer was, at least, partially at fault for the incident and there's more than just malware to explain it. As for the OS on the ground, it could be anything from Win95 to the flavours of Linux used by such people as the NASA, NATO, various militaries including the US and Canada.

      link to this | view in chronology ]

  • icon
    Dark Helmet (profile), 23 Aug 2010 @ 8:52am

    McCoy would charge the malware developer with 2nd degree murder....

    link to this | view in chronology ]

    • identicon
      Danny, 23 Aug 2010 @ 9:26am

      Re:

      Even with murders of 154 people at stake he would still manage to cross some ethical line. Like getting someone to hack into the malware developer's pc to get the necessary evidence to put them away.

      link to this | view in chronology ]

  • icon
    Dan (profile), 23 Aug 2010 @ 8:59am

    Malware can affect real-time processing

    "It's unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft."

    There are applications where timely alerts are critical, and can't be put off by extra processing overhead malware produces. It seems most likely [if malware is the cause] that some real time process was impacted. The alerts would have happened eventually, but in this case, too late.

    link to this | view in chronology ]

    • icon
      interval (profile), 23 Aug 2010 @ 9:17am

      Re: Malware can affect real-time processing

      Real-time processing is not usually done by pcs, but certainly that's not a hard and fast rule.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Aug 2010 @ 11:25pm

      Re: Malware can affect real-time processing

      From what I'm able to glean, the computer system involved was used to keep the log of the maintenance records.

      Maintenance found a problem and worked on it. The idea is that he would log his work on the computer system and it would, if necessary, raise an alarm and ground the plane until further work is performed.

      That would have happened if the computer system wasn't infected.

      So no, I don't think you need this to be a "real-time" system. You only need it to be functioning. It's not like the plane will be taking off seconds, or even minutes after the maintenance is finished. You would not want to use a computer that takes hours to send a simple message like this.

      But I would call it "mission critical" and all the computers on this system should be treated as such. I'd imagine this would be included on the list of safety recommendations.

      Blame for the crash? No. Contributing factor? Possibly. The report did say that these technical problems "may have prevented the plane from taking off". Whether a problem-free plane could have warned the pilots of a problem is not clear.

      link to this | view in chronology ]

  • icon
    Pangolin (profile), 23 Aug 2010 @ 9:10am

    Let's not flip out here.

    Let's go to the source and see what is really being reported. There was no malware on the PLANE. It was on the ground - and even WITHOUT the malware this problem may not have been detected as it depended on mechanics to log the failures. The logging of the failures failed. Even so - it may not have prevented this accident. Bottom line: Pilot Error primary cause.

    Secondary - failure of warning system to warn the pilot of the error.

    This particular failure may have grounded the plane to fix the warning system. Or not.

    See original via Google translation:

    http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.elpais.com%2Farticulo%2Fespana%2Fordenador%2FSpanair%2Fanotaba%2Ffallos%2Faviones%2Ftenia%2Fvirus%2Felpepiesp%2F20100820elpepinac_11%2FTes&sl=es&tl=en

    link to this | view in chronology ]

  • icon
    Overcast (profile), 23 Aug 2010 @ 9:13am

    Again, too much dependence on computers...

    link to this | view in chronology ]

  • identicon
    zub, 23 Aug 2010 @ 9:21am

    Using Windows on a critical piece of HW?

    Malware... This almost surely implies Windows.

    Don't tell me anybody runs windows on critical hardware.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Aug 2010 @ 9:30am

      Re: Using Windows on a critical piece of HW?

      The vast majority of smartphones are not running anything "Windows," and the vast majority of smartphones have malware-capable holes in them announced at least monthly.

      The open source browser Chrome alone has been announcing holes in its browser on average once a day for the past three months.

      Stop blaming Windows for every malware-infestation, and start assuming all networked Operating systems and browsers are vulnerable. It'll save you a lot of embarrassment later.

      link to this | view in chronology ]

      • identicon
        zub, 23 Aug 2010 @ 1:25pm

        Re: Re: Using Windows on a critical piece of HW?

        And I'd say: Stop hiding behind "others also have problems".

        Yes, no system is 100% secure. Still, for a critical system one should pick reasonable software. And Windows hardly fits the bill.

        link to this | view in chronology ]

  • icon
    TtfnJohn (profile), 23 Aug 2010 @ 9:29am

    It's possible, very remotely possible that a trojan or other form of malware could get into one of many onboard computers in a modern commercial aircraft. It certainly would take more than a USB key!

    As for the ground computer, there isn't enough information in the article that Pangolin linked as to the OS, what security measures were in place, who had access and so on to tell.

    From what I can see and infer from the article I'd guess the OS was Windows, not Vista I hope, or a well known variety of Linux. Both can fairly easily be armoured against such attacks or installations. The fact that there was a 24 hour or more lag from the time a failure was logged on that machine till it was analyzed concerns me as well as it indicates lax procedures.

    That said, I can see how Pangolin comes to the conclusions he does and would add another one:
    (a) Almost criminally lax processes and procedures in analysis of the logs.

    link to this | view in chronology ]

    • icon
      nasch (profile), 23 Aug 2010 @ 9:52am

      Re:

      From what I can see and infer from the article I'd guess the OS was Windows, not Vista I hope

      Are you saying Vista is less secure than other versions?

      link to this | view in chronology ]

  • identicon
    Speaker, 23 Aug 2010 @ 9:31am

    Sounds more like scare tactic news reporting

    I have a hard time believing any "news" report that uses words like "may have", "could have been", "might have contributed" and so forth. How about some real news reporting and not something we have to check Snopes about.

    link to this | view in chronology ]

  • identicon
    Bradley Stewart, 23 Aug 2010 @ 9:36am

    I Thought I Had All The Reasons

    not to fly anymore. Thank You Techdirt for giving me another one. And by the way I am sure that the Airline Industry will find a way to capitalize on this financially. Malware Free Flights, only an extra fifty bucks. Hey listen you don't have to pay it but you will get a break on Flight Insurance. That should make everyone feel better about their trip and the added fee.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Aug 2010 @ 9:38am

    I can only begin to imagine what corrupted software would do to those new generation aircraft that rely upon "fly by wire" versus the "buggy whip" physical connections between the flight controls in the cockpit and the flight control surfaces.

    The same can be said for automobiles headed in the direction of "drive by wire".

    link to this | view in chronology ]

  • identicon
    Over The Top, 23 Aug 2010 @ 9:39am

    How is it you all are missing the clear picture.... Skynet is starting small. And if you don't see this message, it is because Skynet has deleted it.

    link to this | view in chronology ]

  • identicon
    darryl, 23 Aug 2010 @ 9:43am

    From the you're got it wrong again dept.. !!!

    haha,, always quick to point fingers at 'windows'. Funny.

    Flight control systems and the aircraft's internal network for passengers are not connected AT ALL.

    Flight control systems do not use windows, or linux.

    Why don't you write about the $4Billion dollar stealth bomber that crashed on takeoff due to a computer glitch !.

    Moisture in the computer, maybe someone did not close the 'windows'... !!!..

    But there is some good solid American design for you.. write about that !!!..
    (we can build a 4 billion dollar stealth killing machine, that needs powerful computers to make it fly, and we can forget that computers and water do not mix together that well !!!.. )..

    Some people will latch onto the most trivial, non-true, pointless piece of news trivia to try to push home an equally puerile and pointless issue..

    I like the snide, semi-veiled attack on 'windows' as if that has anything to do with ANYTHING :)

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Aug 2010 @ 11:35am

      Re: From the you're got it wrong again dept.. !!!

      TROLL ALERT!

      This person is not serious, he will not debate any issues and only appears to want to get angry responses to his posts.

      He will repeat erroneous information even when people correct him multiple times.

      Don't waste your time answering to this person, he is a troll and will feed on negative emotions.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Aug 2010 @ 10:23am

    The best explanation

    The best explanation I have seen so far is on a slashdot comment: Swiss cheese

    link to this | view in chronology ]

  • icon
    jfgilbert (profile), 23 Aug 2010 @ 10:24am

    Let's get the blames right

    Starting from the facts we know: A mainframe that could have issued a warning of a potentially dangerous condition that may have caused the accident had been shut down because it was apparently infected with some malware. That means:
    1. The IT department shut down a system that may have been critical to the safety of flight operations.
    2. Flight operations decided to maintain the flights in spite of the unavailability of an apparently critical safety system.
    3. The airline senior management had decided to save the expense of having a backup system for an apparently critical safety function.

    So, either that system was critical, and the blame resides (1) with the company executives for operating without proper safety systems in place, (2) with the company IT for not having proper business continuity procedures, (3) the company Network Security for letting the malware in, and (4) with the Pilot In Command who made the decision to take off without having all the information needed (standard FAA language, and I am sure it is the same in other jurisdictions).

    Or, possibly, that system was not critical, and the malware is just a convenient scapegoat, with the added benefit of agitating opinion to allow more controls on the internet - which may have absolutely nothing to do with the accident.

    Either way, whatever malware may have been there is way down the list of blamees.

    link to this | view in chronology ]

    • icon
      Pangolin (profile), 24 Aug 2010 @ 4:26am

      Re: Let's get the blames right

      Blame the flight crew. If they had put flaps and slats in proper position for takeoff, there would have been no crash.

      link to this | view in chronology ]

  • identicon
    MAC, 23 Aug 2010 @ 12:12pm

    Malware...

    Anything and I do mean anything attached to the internet is subject to attack.

    That being said, machines that are related to critical safety issues should not be on the net.

    link to this | view in chronology ]

  • identicon
    Wolfy, 23 Aug 2010 @ 1:18pm

    Those of us who are pilots will get what I'm going to say next... Who among us has experience in this type of aircraft? Hands, please? ...no-one? Then let's not speculate on causes. Sure, you can do what the airlines usually do and blame these things on the first people killed in these events. After all, they're not around to say differently.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Aug 2010 @ 2:07pm

    Not sure if anyone in comment stream is interested in actual facts related to software certification for flight control systems, but in the event the author or others are, here are a few to mull over.

    FAA and other regulatory bodies responsible for certification of flight control software follow technical specification DO-178B (http://en.wikipedia.org/wiki/DO-178B). Part of this certification process requires examination of every line of code that comprises the executable. Over the years, MS has been unwilling to allow that kind of detailed examination of Windows source code, and as such there are NO certified passenger-carrying aircraft today that have ANY MS Windows code OF ANY KIND executing in flight control systems. Period.

    As to "catching a virus", once loaded via approved (and secure) manufacturer approved process, flight control computers are LOGICALLY and ELECTRICALLY isolated from any other "information processing" systems. So, unless someone has VERY SPECIFIC AND INTRICATE knowledge about the flight control software and load process, and has PHYSICAL access to the aircraft and computers in question, and has the time and equipment to load the "malware" in question, it is virtually impossible for a flight control computer to "get malware" in the same way that network-attached windows boxes catch malware.

    To be sure, over the years, especially in the early days of "fly by wire", poor flight control software has resulted in tragedy where aircraft and lives were lost. Flight control software has evolved tremendously, and such software has actually PREVENTED numerous accidents rather than being the cause of them. While I'm sure there are still some "dark corners" of the atmospheric flight envelope that may potentially be beyond current software flight control law software, NO passenger jet flown by competent, rational pilots operating within aircraft limits and tolerances WILL EVER encounter those limits. Period.

    I hope this helps allay the fears stated above about flight control computers.

    link to this | view in chronology ]

  • identicon
    darryl, 23 Aug 2010 @ 9:28pm

    Will they ever learn ??? :)

    As to "catching a virus", once loaded via approved (and secure) manufacturer approved process, flight control computers are LOGICALLY and ELECTRICALLY isolated from any other "information processing" systems.

    And PHYSICALLY isolated.

    I don't think many people here actually have any understanding about what they are talking about here. Apart from you.

    They seem to see 'a computer' as a "pc" with network connections, hard drives, PCI slots and so on.

    A flight control computer is nothing like that, it is not network connected, it does not use an "Operating system" as such, they are usually dedicated machines, the 'software' is 'firmware'. It is physically burned into ROM's with a separate burner. Therefore to change the code you have to dismantle the 'computer', unplug the ROM, Erase it (UV light usually), and re-burn new code into it.

    A lot to do to get 'malware' into a computer.

    In fact, as was stated before, it's not only not possible, it's also really quite silly to think otherwise...

    These systems are carefully designed, and tested, and tested and tested. Linux or windows does not even get a look in.

    As for MS not making their code available, that is not true, if you are a large client of MS you can ask for and get the source code for microsoft products.

    Apart from the many universities, and institutions that have access to the source code.. And government and so on.

    Microsoft does not cater for the small market of flight control, they are specialised computers and software.

    Microsoft creates consumer products, and seem to do quite well, for all the whining about them.

    But to try to tie a terrible accident where people were hurt or killed and using that for a cheap stab at Microsoft is just bad... its what I would call scraping the bottom of the barrel..

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Aug 2010 @ 5:42am

      Re: Will they ever learn ??? :)

      I like it when you post last... easier to avoid your witless mindless drivel.

      link to this | view in chronology ]

  • icon
    Pete Braven (profile), 24 Aug 2010 @ 8:08am

    Some things get lost in translation

    Unfortunately, the notion that a flight computer is completely 'stand-alone' is only true until the aircraft commits to an automatic landing approach, at which time it is very definitely synched to the ground control systems or the airport.
    Pointing the finger of 'blame' at any operating system is pretty meaningless; the blame in this case lies square on the idiots who think it's cool to compile malware of any kind. This is not an isolated incident either. A hospital computer was hacked but in doing so, cross-linked patient files resulting in the wrong medications being given. They 'killed' several who would have survived but the individual responsible was never identified, instead they sacked three doctors and IT staff.
    Unfortunately, any system can be compromised even by something as trivial as a bad wiring connection and having worked in avionics myself, I have seen many examples.
    Relying wholly on software is just asking for trouble.

    link to this | view in chronology ]

  • identicon
    darryl, 24 Aug 2010 @ 6:17pm

    Its still stand alone,,

    Unfortunately, the notion that a flight computer is completely 'stand-alone' is only true until the aircraft commits to an automatic landing approach, at which time it is very definitely synched to the ground control systems or the airport.

    NO.. there is no computer code or computer instructions passed between the aircraft and the ground, its no different than receiving an input from the air speed indicators. Its just an input, or an output.

    Data, not code.

    There is NO data connection between computers, or more specifically no CODE transferred.

    Squawk codes, and position, airspeed inputs and outputs are not going to reprogram a flight control computer.

    These systems are programmed to ignore wrong information, but NO aircraft do not 'log onto a network' when they come to land.

    There is still NO WAY for code to be introduced into a closed computer, with EPROM RAM. Without physically dismantling the computer, removing the ROM, erasing it, and installing checksum correct code.

    So again, this is pure FUD... But certainly at the level expected from Mike. and 'Techdirt'..

    Ever heard the statement.

    "you're SO LOW, you are lower than DIRT".

    link to this | view in chronology ]

  • identicon
    Flying Addict, 13 Oct 2010 @ 7:12am

    Malware ?!

    I think the system administrator or the software developers that worked on the plane/airport should take the blame for this. I don't understand how could malware get in the plane's computer?! Is it connected to the internet ? Do the pilots surf the web while they fly?
    In my opinion critical systems should be totally isolated from the outside world...and their main operating system files should be read only and encrypted so that only someone with the proper clearance and physical access can modify anything.

    Sorry for the poor English skills :)

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Dec 2013 @ 8:27am

    Not Windows? MSNBC and CBS have been doing what they get paid to do...

    link to this | view in chronology ]

