Slashdot Mirror
Trojan-Infected Computer Linked To 2008 Spanair Crash
An anonymous reader writes "Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three failures are reported in a plane failed to do so. The computer was infected with trojans (Google translation of Spanish original)."
wiki link
Beyond the translated Spanish article I can't find anything else about this idea of an alerting system being infected with malware. Typically such systems are simple, embedded and not interfaced in ways which could cause them to run software they are not meant to.
This bit from wikipedia is interesting:
The MD-80 Advanced was to incorporate the advanced flight deck of the MD-88, including a choice of reference systems, with an inertial reference system as standard fitting and optional attitude-heading equipment. It was to be equipped with an electronic flight instrument system (EFIS), an optional second flight management system (FMS), light emitting diode (LED) dot matrix electronic engine and system displays. A Honeywell windshear computer and provision for an optional traffic-alert and collision avoidance system (TCAS) were also to be included. A new interior would have a 12% increase in overhead baggage space and stowage compartment lights that come on when the door opens, as well as new video system featuring drop-down LCD monitors above.[4]
link
Apparently this upgrade got dropped in 1991, so the system still in use must be pretty low tech.
http://michaelsmith.id.au
From the Wikipedia page (emphasis mine):
"On 17 August 2009, CIAIAC released an interim report on the incident [21]. The interim report confirmed the preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence."
Daayum.
Living With a Nerd
Whoever modded up the above post - you've missed the point. There may have been a fault in the on-board management system - or human error failing to heed a warning - but nothing in TFA suggests that malware was in any way involved on the flight deck.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
But, the problem that was supposed to be logged was reportedly an overheated pitot tube. That was not the cause of the crash: the report says that the pilots did not set the flaps correctly and a warning alarm did not go off. This was not related to the problem with the computer being used by mechanics.
The article appears to be trying to link two independent events: a separate problem with the plane and an error by the pilots. Or maybe it's just the broken English translation.
Then you are at risk of a serious incident. Not having access to the internet greatly reduces the probability of it, but it is still unacceptable for many reasons. Even more so than having another OS AND access to the Internet.
Your decission-maker is morally liable if something bad happens. And even if the probability is lowered for not having access to the Internet, the consequences if something happens will be equally serious.
Problem with your rebuttal: Whether or not other systems can get trojans, you should NOT be using Windows for anything that needs 100% uptime to guarentee safety of human lives, plain and simple. If the entire system can be locked up and made responsive by userland apps, then it isnt qualified to be responsible for the safety of human lives.
Instead of indicting everyone under the sun, let's do something to fix it instead of tossing people in jail. Many people contributed a little, like Murder on the Orient Express. In the end, the ultimate responsibility rested on the Pilot-in-Command who paid the price for his mistakes. Let's learn from it instead.
1. Revise procedures so that the PNF (Pilot-Not-Flying) visually confirms the flap & slats indicator instead of just reading it to the PF (Pilot Flying)
2. Design future systems such that the take-off config warning isn't on the same circuit breaker as the Total-Air-Temp sensor. (I'm a recreational pilot, not an engineer, so I don't know if there's a valid reason for them to be on the same circuit.) Also, have an EICAS warning when the take-off-config alarm is disabled.
3. Have the engineers remind the pilots / placard the cockpit to remind them that the take-off-config alarm is disabled.
4. Flapless take-off attempts leading to accidents are not a new thing to airplanes. Further training seems to be required, especially as the small aircraft we all initially learn in will take off without flaps.
It's funny because it's true:
I have some friend in IT-maintenance jobs for the government. (intalling PCs, troubleshooting, ...)
Because they had an internal firewall and everybody has a conventional phoneline, someone in the tax-office (yes, those were people who process your taxes) found he could plug in the phone into his onboard 56k-modem and do whatever he wanted online.
After tedious virus removal over the entire departments (they all thought it was a neato trick) the guy just glued 56K-modem connectors into the PCs. The virus-rush was over.
We had to secure a computer at a company I worked at years ago. The IT department claimed it was secure (they had put Norton AV and firewall on it) I laughed when the owner of the company told me about it. He asked if I could do better. I put the computer in a metal drawer, locked it, drilled a hole in the back for the cables to come out and handed him the key. "There, now it's secure." He thought I was kidding until I pointed out the USB ports and drive bays.
An hour later the computer melted...
Sure, a Linux box can get rooted, but I've never seen one, and I've installed Linux on friends' computers when I got tired of reinstalling Windows for them after the thing slows to a crawl from malware. Once Linux was on it, they never got infected again.
Of course, to be victim of a trojan you have to know how to install a program ;)
Free Martian Whores!
Actually two, operational blowout preventers were called for in the regulatory specifications. Turns out the single blowout preventer had no battery juice available. The system is supposed to work, by the batteries closing the hole automatically when detection of the control monitoring software fails. But if the batteries to the sole preventer don't have the juice when needed, bad things can happen. Someone thought the costs vs. risks were negligible, so they settled for less.
You can't be ahead of the curve, if you're stuck in a loop.
RyanAir is planning on charging £1 per trip to te bathroom in the near future, coin-op style...
Maybe I wasn't clear, the mainframe in maintenance has nothing to do directly with inflight operations. The computers on board are completely independent of those in the maintenance system. Now, if there are wireless connections, allowing the maintenance mainframe and the aircraft to share information, it MAY be possible for a virus to gain access to the aircraft, but I am pretty sure this has not happened yet, possibly to the security in place, or possibly no one has really tried to infect an aircraft with a virus.
Indirectly, the maintenance mainframe's failure to alert on related system faults MAY be a factor in future mishaps, but it does not appear that the infected mainframe had anything to do with this one.
Impetuous! Homeric!
Let me be a bit more clear about this:
No, those OSes are not secure. Quite the opposite. Almost all of them are very primitive, and have wide-open memory models that allow anything to run, allow anything running to touch any location in memory, and don't log a thing about it. More recent versions of them may have memory partitioning and privileged-user-only modes, but don't bet on the more recent versions being used even on brand new projects.
The innate vulnerabilities to coding errors presented by this openness are alleviated by performing exhaustive (and expensive) testing of every function in the system to be sure it does what it's supposed to, and exhaustive (and expensive) testing of the system to be sure it does what's required of it, and exhaustive (and expensive) evaluation of the requirements to be sure they cover all of the safety-critical and mission-critical possiblities.
And then you still get gomers on the flight deck disabling safety alerts on a poorly maintained aircraft and executives in the airline HQ giving them a wink and a nod for it while looking all stern (or waving a bulging envelope) at regulator visits.