Did malware lead to Madrid plane crash?

How?

How do you get malware onto an aircraft computer? Surely it's not connected to the web, though a private network maybe?

By mviracca on 20 Aug 2010

I think this is just a story to scare people. THe only way 'malware' could get on such a system is if someone intentionally put it there. Otherwise, this is probably a bug or fault with the system. Also, this accident occured thanks to the failure of the pilots to perform the appropriate checks before take off rather than directly because of a computer system.

By RSKG2 on 20 Aug 2010

No! This was a MD-82, a 1970/80s design.

The Civil Aviation Accidents and Incidents Investigation Commission, (CIAIAC) released an interim report on the incident. The report confirmed its preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence. All three safety barriers provided to avoid the takeoff in an inappropriate configuration were defeated: the configuration checklist, the confirm and verify checklist, and aircraft warning system (TOWS). The report also made a number of safety recommendations intended to prevent incidents like this from happening again.

By jonbirduk on 20 Aug 2010

It wasn't a system on the plane itself,

This was the central system for logging faults to specific aircraft. It should have flagged a warning that the same plane had suffered similar problems three times and it didn't, allegedly due to being infested with malware.

This is all irrelevant anyway as (even with Google translate's version) reading the article shows that incident #2 in the sequence was the one that returned the aircraft to the ramp the very same day it crashed.

Even then the system wouldn't have helped as the company has already admitted that it took about 24 hours to enter the data. It was when employees tried to write these three incidents they realised that the system was useless and, by then, the crash had already occurred.

By lokash20 on 21 Aug 2010

have Win$ ?

"How do you get malware onto an aircraft computer?"

Just as simple as that: install any Win$....

It remembrs us that the British Army uses Win$ to manage Tridents... with 10 nuclear heads on eatch of them....

By arturpio on 21 Aug 2010

Trident doesn't use Win$ directly

Arturpio, You are wrong on both counts. The Royal Navy control Trident and the current system does NOT run on Windows. Please get your facts correct before scaremongering.

By Josonic on 21 Aug 2010

Don't feed the trolls

Arturpio is not well placed to make comments such as these. Either in terms of facts or literacy. Sad really.

By PaleRider on 22 Aug 2010

BullSh1t

...Come on PC pro, where did you get this story from - or did you make it up for cheap - as if any safety critical, real time embedded system would be windows based and have wireless comm ports open to the outside world - I know, maybe it was the service pack for windows 95 they downloaded mid-flight - COME ON PEOPLE - get real, all software of this nature has to be certified, checked and double checked, you can't just add new software willy nilly. Here's your next article PC Pro - Chernobyl Accident the result of a Virus - duhhh!!!

By pauld1024 on 23 Aug 2010

Not so fast Paul D

Pauld1024, whilst agreeing that this is rather far-fetched, I think you would agree with me that hospital systems, police systems, etc are safety-critical. And guess what: they run on Win$ with ports open to the outside world and USB sticks used to upload/download data from the myriad PCs that access these systems. Get my drift?

By JP4MT on 23 Aug 2010

BullShit11

Come on JP4MT, the systems you mention are not safety critical in the accepted sense, in the way that nuclear reactors, aircraft flight control and railway signalling systems are. The systems you mention, are neither real-time, nor embedded, they are IT, Database type systems running on desktop PCs or networked servers, I doubt they ever left the confines of an air-conditioned office and an IT support dept. They probably don't even have a S.I.L number (safety integrity level - check it out on Wikipedia) or at best is level 1. An aircraft control system is 3 or 4, the highest and toughest and means software has to be developed much more carefully with mathematical proofs of software correctness using certified compilers and operating systems - the reason this system failed, is the same reason lots of other systems fail - human error

By pauld1024 on 23 Aug 2010