Is Malware To Blame For Plane Crash That Killed 154?

from the were-they-flying-WindowsAir? dept

As someone who flies all too frequently, I’d be lying if I said I wasn’t a bit spooked by a report that the Spanair flight 5022 crash from two years ago may have been caused — at least in part — by malware on a computer that failed to detect three technical problems. Apparently, the computer which monitored those things got some sort of trojan horse, and may have failed to set off the necessary alarms because of this. As for how the computer got infected… it sounds like investigators still are not sure, but someone sticking in an infected USB stick or some other remote network connection seem like the most likely culprit. Of course, the reports seem woefully lacking in details. It’s unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft. Honestly, the report seems to raise a lot more questions than it answers, and if it’s actually true, it makes me wonder why we’re relying on software that can be disabled via some random malware to watch for life-and-death safety issues on airplanes…

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Is Malware To Blame For Plane Crash That Killed 154?”

Subscribe: RSS Leave a comment
Benny6Toes (profile) says:

it's not that hard to imagine

trojans can cause all sorts of problems in a machine. they can overwrite/replace system files, they can delete other files, they can interfere with networking (no idea how the system talks to other systems on the plane), and they can simply eat up processing time and system memory. in any case, trojans can certainly cause all sorts of system instability once on a machine.

honestly, i’d be more concerned that the plane i’m riding in is operating on windows or some other consumer-level OS. that’s the real scary thing here. even scarier than that? if it was a custom OS and still contracted a trojan…

:Lobo Santo (profile) says:


This sounds like a “let’s make laws to control the internet and kill online anonymity” story. Obviously it’s all the fault of those anonymous tech-savvy malware authors out there.

In other news, WTF stupid goddamn airline was NOT using a secure embedded unix OS for their goddman airplanes? Srsly? WTF is wrong with them? Are they TRYING to get people killed?

TtfnJohn (profile) says:

Re: Idjits

What photos I can find seem to point at Boeing 737 as the aircraft and it certainly uses fail safe, duplicate process, hardened unix as the OS for on board systems.

It seems the ground computer was, at least, partially at fault for the incident and there’s more than just malware to explain it. As for the OS on the ground, it could be anything from Win95 to the flavours of Linux used by such people as the NASA, NATO, various militaries including the US and Canada.

Dan (profile) says:

Malware can effect real-time processing

“It’s unclear how a trojan would block some software from alerting the crew that there was a problem with the aircraft.”

There are applications where timely alerts are critical, and can’t be put off by extra processing overhead malware produces. It seems most likely [if malware is the cause] that some real time process was impacted. The alerts would have happened eventually, but in this case, too late.

Anonymous Coward says:

Re: Malware can effect real-time processing

From what I’m able to gleam, the computer system involved was used to keep the log of the maintenance records.

Maintenance found a problem and worked on it. The idea is that he would log his work on the computer system and it would, if necessary, raise an alarm and ground the plane until further work is performed.

That would have happened if the computer system wasn’t infected.

So no, I don’t think you need this to be a “real-time” system. You only need it to be functioning. It’s not like the plane will be taking off seconds, or even minutes after the maintenance is finished. You would not want use a computer that takes hours to send a simple message like this.

But I would call it “mission critical” and all the computers on this system should be treated as such. I’d imagine this would be included on the list of safety recommendations.

Blame for the crash? No. Contributing factor? Possibly. The report did say that these technical problems “may have prevented the plane from taking off”. Whether a problem-free plane could have warn the pilots of a problem is not clear.

Pangolin (profile) says:

Let's not flp out here.

Let’s go to the source and see what is really being reported. There was no malware on the PLANE. It was on the ground – and even WITHOUT the malware this problem may not have been detected as it depended on mechanics to log the failures. The logging of the failures failed. Even so – it may not have prevented this accident. Bottom line: Pilot Error primary cause.

Secondary – failure of warning system to warn the pilot of the error.

This particular failure may have grounded the plane to fix the warning system. Or not.

See original via google transation:

Anonymous Coward says:

Re: Using Windows on a critical piece of HW?

The vast majority of smartphones are not running anything “Windows,” and the vast majority of smartphones have malware-capable holes in them announced at least monthly.

The open source browser Chrome alone has been announcing holes in its browser on average once a day for the past three months.

Stop blaming Windows for every malware-infestation, and start assuming all networked Operating systems and browsers are vulnerable. It’ll save you a lot of embarrassment later.

TtfnJohn (profile) says:

It’s possible, very remotely possible that a trojan or other form of malware could get into one of many onboard computers in a modern commercial aircraft. It certainly would take more than a USB key!

As for the ground computer there isn’t enough information in the article that Pangolin linked as to the OS what security measures were in place and who had access and so on to tell.

From what I can see and infer from the article I’d guess the OS was Windows, not Vista I hope, or a well known variety of Linux. Both can fairly easily armoured against such attacks or installations. The fact that there was a 24 hour or more lag from the time a failure was logged on that machine till it was analyzed concerns me as well as it indicates lax procedures.

That said, I can see how Pangolin comes to the conclusions he does and would add another one:
(a) Almost criminally lax processes and procedures in analysis of the logs.

Bradley Stewart (profile) says:

I Thought I Had All The Reasons

not to fly anymore. Thank You Techdirt for giving me another one. And by the way I am sure that the Airline Industry will find a way to capitalize on this financially. Malware Free Flights, only an extra fifty bucks. Hey listen you don’t have to pay it but you will get a break on Flight Insurance. That should make everyone feel better about their trip and the added fee.

Anonymous Coward says:

I can only begine to imagine what corrupted software would do to those new generation aircraft that rely upon “fly by wire” versus the “buggy whip” physical connections between the flight controls in the cockpit and the flight control surfaces.

The same can be said for automobiles headed in the direction of “drive by wire”.

darryl says:

From the you're got it wrong again dept.. !!!

haha,, always quick to point fingers at ‘windows’. Funny.

Flight control systems and the aircrafts internal network for passengers are not connected AT ALL.

Flight control systems do not use windows, or linux.

Why dont you write about the $4Billion dollar stealth bomber that crashed on takeoff due to a computer glitch !.

Moisture in the computer, mabey someone did not close the ‘windows’… !!!..

But there is some good solid American design for you.. write about that !!!..
(we can build a 4 billion dollar stealth killing machine, that needs powerfull computers to make it fly, and we can forget that computers and water do not mix together that well !!!.. )..

Some people will latch onto the most trivial, non-true, pointless peice of news trivia to try to push home an equally purile and pointless issue..

I like the snide, semi-vailed attack on ‘windows’ as if that has anything to do with ANYTHING 🙂

Anonymous Coward says:

Re: From the you're got it wrong again dept.. !!!


This person is not serious, he will not debate any issues and only appears to want to get angry responses to his posts.

He will repeat erroneous information even when people correct him multiple times.

Don’t waste your time answering to this person, he is a troll and will feed on negative emotions.

jfgilbert (profile) says:

Let's get the blames right

Starting from the facts we know: A mainframe that could have issued a warning of a potentially dangerous condition that may have caused the accident had been shut down because it was apparently infected with some malware. The means:
1. The IT department shut down a system that may have been critical to the safety of flight operations.
2. Flight operations decided to maintain the flights in spite of the unavailability of an apparently critical safety system.
3. The airline senior management had decided to save the expense of having a backup system for an apparently critical safety function.

So, either that system was critical, and the blame resides (1) with the company executives for operating without proper safety systems in place, (2) with the company IT for not having proper business continuity procedures, (3) the company Network Security for letting the malware in, and (4) with the Pilot In Command who made the decision to take off without having all the information needed (standard FAA language, and I am sure it is the same in other jurisdictions).

Or, possibly, that system was not critical, and the malware is just a convenient scapegoat, with the added benefit of agitating opinion to allow more controls on the internet – which may have absolutely nothing to do with the accident.

Either way, whatever malware may have been there is way down the list of blamees.

Wolfy says:

Those of us who are pilots will get what I’m going to say next… Who among us has experience in this type of aircraft? Hands, please? …no-one? Then let’s not speculate on causes. Sure, you can do what the airlines usually do and blame these things on the first people killed in these events. After all, they’re not around to say differently.

Anonymous Coward says:

Not sure if anyone in comment stream is interested in actual facts related to software certification for flight control systems, but in the event the author or others are, here are a few to mull over.

FAA and other regulatory bodies responsible for certification of flight control software follow technical specification D0-178B ( Part of this certification process requires examination of every line of code that comprises the executable. Over the years, MS has been unwilling to allow that kind of detailed examination of Windows source code, and as such there are NO certified passenger-carrying aircraft today that have ANY MS Windows code OF ANY KIND executing in flight control systems. Period.

As to “catching a virus”, once loaded via approved (and secure) manufacturer approved process, flight control computers are LOGICALLY and ELECTRICALLY isolated from any other “information processing” systems. So, unless someone has VERY SPECIFIC AND INTRICATE knowledge about the flight control software and load process, and has PHYSICAL access to the aircraft and computers in question, and has the time and equipment to load the “malware” in question, it is virtually impossible for a flight control computer to “get malware” in the same way that network-attached windows boxes catch malware.

To be sure, over the years, especially in the early days of “fly by wire”, poor flight control software has resulted in tragedy where aircraft and lives were lost. Flight control software has evolved tremendously, and such software has actually PREVENTED numerous accidents rather than being the cause of them. While I’m sure there are still some “dark corners” of the atmospheric flight envelope that may potentially be beyond current software flight control law software, NO passenger jet flown by competent, rational pilots operating within aircraft limits and tolerances WILL EVER encounter those limits. Period.

I hope this helps allay the fears stated above about flight control computers.

darryl says:

Will they ever learn ??? :)

As to “catching a virus”, once loaded via approved (and secure) manufacturer approved process, flight control computers are LOGICALLY and ELECTRICALLY isolated from any other “information processing” systems.

And PHYSICALLY isolated.

I dont many people here actually have any understanding about what they are talking about here. Apart from you.

They seem to see ‘a computer’ as a “pc” with network connections, hard drives, PCI slots and so on.

A flight control computer is nothing like that, it is not network connected, it does not use an “Operating system” as such, they are usually dedicated machines, the ‘software’ is ‘firmware’. It is physically burned into ROM’s with a seperate burner. Therefore the change the code you have to dismantle the ‘computer’, uplug the ROM, Erase it (UV light usually), and re-burn new code into it.

Alot, to do to get ‘malware’ into a computer.

If facts as was stated before its not only not possible, its also really quite silly to think otherwise…

These systems are carefully designed, and tested, and tested and tested. Linux or windows does not even get a look in.

As for MS not making their code available, that is not true, if you are a large client of MS you can ask for and get the source code for microsoft products.

Apart from the many universities, and institutions that have access to the source code.. And government and so on.

Microsoft does not cater for the small market of flight control, they are specialised computers and software.

Microsoft creates cunsumer products, and seem to do quite well, for all the whinning about them.

But to try to tie a terrible accident where people where hurt or killed and using that for a cheap stab at Microsoft is just bad… its what I would call scraping the bottom of the barrell..

Pete Braven (profile) says:

Some things get lost in translation

Unfortunately, the notion that a flight computer is completely ‘stand-alone’ in only true until the aircraft commits to an automatic landing approach, at whch time it is very definitely synched to the ground control systems or the airport.
Pointing the finger of ‘blame’ at any operating system is pretty meaningless; the blame in this case lies square on the idiots who think it’s cool to compile malware of any kind. This is not an isolated incident either. A hospital computer was hacked but in doing so, cross-linked patient files resulting in the wrong medications being given. They ‘killed’ several who would have survived but the individual responsible was never identified, instead they sacked three doctors and IT staff.
Unfortunately, any system can be compromised even by something as trivial as a bad wiring connection and having worked in avionics myself, I have seen many examples.
Relying wholy on software is just asking for trouble.

darryl says:

Its still stand alone,,

Unfortunately, the notion that a flight computer is completely ‘stand-alone’ in only true until the aircraft commits to an automatic landing approach, at whch time it is very definitely synched to the ground control systems or the airport.

NO.. there is no computer code or computer instructions passed between the aircraft and the ground, its no different that receiving an input from the air speed indicators. Its just an input, or an output.

Data, not code.

There is NO data connection between computers, or more specifically no CODE transferred.

Squark codes, and position, airspeed inputs and outputs are not going to reprogram a flight control computer.

These system are programed to ignore wrong information, but NO aircraft do not ‘log onto a network’ when they come to land.

There is still NO WAY for code to be introduced into a closed computer, with EPROM RAM. Without physically dismantling the computer, removing the ROM, erasing is, and installing checksum correct code.

So again, this is pure FUD… But certainly at the level expected from Mike. and ‘Techdirt’..

Ever heard the statement.

“your SO LOW, you are lower than DIRT”.

Flying Addict (user link) says:

Malware ?!

I think the system administrator on the software developers that worked on the plane/airport should take the blame for this. I don’t understand how could malware get in the plane’s computer?! Is it connected to the internet ? Do the pilots surf the web while they fly?
In my opinion critical systems should be totally isolated from the outside world…and their main operation system files should be read only and encrypted so that only someone with the proper clearance and physical access can modify anything.

Sorry for the poor English skills 🙂

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...