Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.
An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais. Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.
The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline’s system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro. Some of the most likely ways are through third party devices such as USB sticks, Yaneeza said, which were responsible for the International Space Station virus infection in 2008, or through a remote VPN connection that may not have the same protection as a computer within the enterprise network. Opening just one malicious file on a single computer is all it takes to infect an entire system.
An incident like this could happen again, and most likely will, according to Saydjari.
Sounds sketchy to me. Trains good, planes bad? Any pilots here like to refute this?
this is silly.
I have seen better protection and protocols on the OLD main frames, then I have on recent HOME COMPUTERS, used for government use..
NOW you have a proprietary USE for a piece of hardware, and then SOMEONE can access it and infect it??
I either say, this is a BS scare tactic or
SOME ONE FU the system on purpose.
I can see it now..ALL the digital displays USED by the pilots, showing PAC MAN to keep them entertained. Using the Steering to control pac man..
The hardware could only be access at certain times for updates and refresh. Otherwise there is NO reason to touch the system. Wireless access?? THAT would be forbidden..its hackable. Internal ports? USB/SERIAL/PAR/CD/DVD would all have to be Password protected from the main console. NO ACCESS.
As part of pre-flight, did they not verify flaps and slat movement?!?!? Every pilot I know (I live next to a flight school) verifies all flight controls prior to take-off visually, not relying on the instruments to tell them they moved.
Let me get that straight: they’re using WINDOWS to monitor and protect aircraft?
Yes, it is plausible that malware or a cyber-weapon attack on an aircraft can cause control surfaces to malfunction and for cockpit alarms to disengage. There is surprisingly little to stop it from happening, crews carry removable media onboard to load flight data and engineering management files. A remote exploit is tougher.
Sarg, but are they able to use Home computers, INSTED of the onsite computers to input there data?
Basic security, VERY basic.
#5. ECA. Good question, thumb drives are ubiquitous and are used promiscuously.
Assuming they actually use thumb drives (or ROMs with a thumb drive connector) on an aircraft for a legitimate reason, isn’t there some validation protocol on the aircraft electronics that can validate the thumb drive?
Another thought: their security software comes from Trend Micro? I had their software on my new PC for 6 months, and decided Trend Micro software was worse than no protection at all.
#3 They’re using android.
Wow, that almost looks like a Windows logo on the tail of the plane.
Maybe that’s not a bad idea for the passengers… have a logo on the plane identifying the OS used to manage critical systems.
Not a bad idea to have it listed along with the type of plane during ticketing.
How many folks would feel safe knowing that info in advance? How many folks would choose a different plane or airline if they had that knowledge?
Cheers!
—RASTER
@ #9
Would feel much safer with a plane with Windows than a plane with any Apple software since Apple has the most security risk than any software on the market.
#9 RASTERMAN – The favicon, the icon that appears in the address bar of a web browser (dvorak.org has John C. Dvorak’s face), for Bank of America’s website shows a Sun Microsystems logo. I told Bank of America this in 2004 for the same reasons that you mention. Someone from the outside might try to customize an attack against Bank of America by knowing the specific hardware or software Bank of America runs.
A somewhat similar problem has been noted because of air pressure sensors in tires. They left a security hole.
The problem is we have so much computing power and ram is so cheap they can waste it. In the old days they’d have had some machine code running off a rom chip and the only way to stick malware in it would have been when they burned it.
Now they use bootable systems that run an OS and can be infected. Progress? I don’t think so. More like laziness.
I guess Adam Curry will file this under “Trains good, Planes bad!”. The meme continues…
Should be titled, “Where there’s smoke there’s bullshit.”
These pilots fucked up; plain and simple.
Just another diversion that will probably work since most people refuse to pull their heads out of their asses.
The firmware for a/c flight controls and engine management is signed just like an xbox or iphone, the big difference being, not every retard and his brother has access to these boxes and/or the firmware.
Is this supposed to be a hack that is done on purpose or some kind of unintended conflict in a hack meant to do something else?
anyhoo, airplanes can differ but you should still have a flap/slat position indicator and the position switch itself both separate from the warning systems.
Preflight would only show the flaps and slats are “there” without any clamps and what not. In the cockpit you “should be” able to tell if the flaps actually go down when activated by the sound and feel of the aircraft.
But, the plane crashed evidently with the flaps up which pilots “would never do” all on their own.
fly the friendly blue screen skies ….
Listened to no agenda and the guys said the malware was on a server? which caused it to fail to flag reported errors.
I still say the working dedicated machines ought to be rigged where they don’t/can’t talk to crap that can mess them up. They have a limited set of possible responses and no more. You can get the defined data out and put the defined data in but other than that everything is cuneiform to the system and it doesn’t a clue what cuneiform is.
“Airline said to be mulling surcharge for flights on anti-virus equipped planes.”
Windows strikes again. When will the world learn.
I doubt this was a “Windows” issue. Most of these companies are using proprietary OS since they need to be simple, secure, and robust. “Windows” has too much other irrelevant crap to be used to manipulate especially avionics, or any single use purpose.
I would suggest this was something mechanical. If it had happened previously it might be either the sensor or sending unit. BUT, remember kiddies, that is just gut reaction and not special knowledge.