Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.
An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais. Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.
The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline’s system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro. Some of the most likely ways are through third party devices such as USB sticks, Yaneeza said, which were responsible for the International Space Station virus infection in 2008, or through a remote VPN connection that may not have the same protection as a computer within the enterprise network. Opening just one malicious file on a single computer is all it takes to infect an entire system.
An incident like this could happen again, and most likely will, according to Saydjari.
Sounds sketchy to me. Trains good, planes bad? Any pilots here like to refute this?
If this was a trojan or other malware then it was a specifically written piece of software designed to attack the proprietary operating system that was installed by someone actually on the plane that intended to do harm to the aircraft. And that someone was in maintenance or at least passed for it.
Aviation flu?
@20, Most of these companies are using Windows OS because it’s what everybody knows how to use. Replace it with anything else and watch 90% of the employees frown and scratch their heads and bitch to everyone around the water cooler about how the new OS is complicated, and “obsolete” and “inadequate” because it doesn’t have a very pretty GUI.
This aircraft is a older model aircraft that was manufactured in 1993, as an aircraft mechanic, i can tell you that the systems on this aircraft would not be susceptible to an onboard virus.
There was a mechanical problem in the warning system for the flaps and slats position out range position warning system.
The onboard reporting system tells the company of any faults that happened during the previous flight. the failure of the warning system was reported to the infected servers. those servers did not flag maintenance control of a possible problem with the airframe.
The pilots made a mistake and did not verify visually the position indicators in the cockpit. pilot error not a trojan, brought this aircraft down.
If true, the malware authors should be charged with the highest degree of manslaughter possible. (I know, not likely).
I just finished reading “Cyberwar” by Richard Clarke. Highly recommended.
He makes an excellent case for Linux in government, banks and anywhere that security is essential. He says the government and banks have done studies which clearly prove that Linux is more secure but Microsoft’s lobbying efforts keep Windows in the government.
In other words, Microstofts profits are more important than our national security.
He also makes a case that the cost-saving “off the shelf solution” policy are penny-wise but pound foolish. Custom OSs/systems are far harder to hack than off the shelf ones.
Safer yet, would be custom systems created by vetted government employees rather than contractors who hire the cheapest labor. Of course, the conservatives hate the thought of private industry not getting filthy rich off the taxpayers, so they support the current less-secure, more expensive policy of privatization.
>> unclemik9 said, on August 23rd, 2010 at 9:06 am
>> This aircraft is a older model aircraft that was manufactured in 1993, as an aircraft mechanic, i can tell you that the systems on this aircraft would not be susceptible to an onboard virus.
Are you saying that planes make in ’93 never get a computer upgrade? They’re just running old XTs or something? That’s shocking if true.
(I have no idea, BTW, — I’ll take your word on it. How did the pilots use their thumb drives since ’93 computers didn’t have USB ports?)
#24, thanks..
#26, good point.
And this leads back to an old tech rant I have done before(I wont this time).
WINDOWS could protect itself if they used the OLD standardized Protection procedures.
LOCK UP WINDOWS..NOTHING writes to the WINDOWS DIR..PERIOD.
they could even use a Checksum AV program, that looks for ANY CHANGES in programming..ANY changes get flagged or removed.
I listened to the NA podcast…
This is on the SERVER, NOT the plane.
The CHECK system that evaluates Problems is GROUND BASED.
IT’ didnt find faults recorded BY THE PLANE, given to the Evaluating ground computer.
Umm,
my comments STAY the same..WHY the hell isnt it a secure system?
Viruses and trojans are usually pretty specific to operating systems. There are any (that I know of) that can infect multiple platforms, across different OSes. And who would write such things, to infect systems that represent only a tiny fraction of computers worldwide? The only thing I think of is that they’re using Windows (2000, XP, Vista) for all their aerospace needs. Including the plane’s monitoring computer. What’s wrong with tailoring a very of Linux for it? Or a proprietary OS? It costs too much? For a huge aerospace company?!!
It’s not the trojan writers fault. It’s the plane maker’s fault for such penny-pinching, and lax security. They might as well being using substandard, knock-off, engine parts, as well. And blaming the parts makers for crashes.
They obviously didn’t test these monitoring computers very thoroughly.
And “you” wonder why people are losing their faith in planes? Too much of this quick profit taking, over safety. I’ll bet the aerospace execs never fly on their own aircraft.
It isn’t simply a case of “Trains good, planes bad”. It’s trains simpler and harder to screw up. And planes too damn complicated to take penny-pinching shortcuts, when it come to safety. But guess what? They do anyway! And government safety regulators don’t do enough to prevent these clowns from compromising safety and security, in the name of preserving profits.
So don’t be such an aerospace fanboy, just because you probably own their stock. And don’t act so mortally threatened, because of a little potential competition in the transportation field. Planes will still be around, even with a few faster train lines. Sheesh! What a cry baby. My precious planes will stop flying, if we build one more rapid railway. Boo hoo. My Boeing stock will plummet. Whoa is me. Oh grow up, Curry.
Yes the avionics and other systems can be upgraded and these upgrades are very expensive since for the most part these are proprietary systems, running from a rom. they are designed to last the life of the airframe 20 – 30 years. you need to think of these systems more like the computer in your car rather than a laptop. they are single purpose systems.
In fact this model airframe is being phased out of use by the major air lines because their engine do not meet current noise guidelines and guzzle fuel and replacing the engines costs more than the airframe is worth.
If you are interested in the best example of modernizing airframes. look at the B-52 the next time you are at an air show. you will find parts manufactured in the fifties along side the most current avionics systems, but the costs are astronomical but worth it for an airframe you are looking to operate for the next 40 years.
M$ WinCrash for Aircraft ? This is why you don’t want M$ CrapWare in your car !!!
Now that’s a real threat to passengers.
I hope the ones responsible should take in consequences in doing such!