Malware a factor in Spanair 5022 crash?

GatorFC

Malware implicated in fatal Spanair plane crash
MSNBC said:
Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.

An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.

Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.

The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.

The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline's system in a number of ways, according to Jamz Yaneza, head threat researcher at Trend Micro.
Is it possible that MD-82 avionics are susceptible to viruses and Trojan horses?
 
I'd really be interested in knowing how the malware got on the machine, someone checking their Facebook at work?
 
I'm going to side with "Most Likely NOT".

The MD-82 is non-FADEC, cables, pulleys and thousands of pounds of "Rube Goldberg" devices.

If you've got the power, configured and have a full electrical failure, the plane flies exactly the same as it would under normal circumstances.
 
I'm going to side with "Most Likely NOT".

The MD-82 is non-FADEC, cables, pulleys and thousands of pounds of "Rube Goldberg" devices.

If you've got the power, configured and have a full electrical failure, the plane flies exactly the same as it would under normal circumstances.
Yeah, that's what I was thinking too, Doug.

I couldn't believe that any avionics suite, much less an MD-82's one, would have an operating system that would or even could be targeted by malware programmers. So, I did some more digging for the original Spanish report, and it turns out (surprise, surprise) MSNBC's poorly written and imprecise article makes it sound as though the infected monitoring computer was onboard the plane.

According to the original Spanish language article here (Google translation here), it was a maintenance computer at the airline's headquarters that was contaminated by malware. If three squawks from the same device on an aircraft are logged into the computer it will trigger an alarm to alert the mechanics to ground that aircraft. Trouble is, the squawks for flight 5022 weren't entered in a timely manner, and when the technicians tried to enter them the malware prevented them from doing so.
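
The rule described in the post above (three logged squawks on the same device trigger an alarm), as an added example that is not part of the original thread or the airline's system: it shows why a counter over entered records stays silent when write-ups never reach the computer, and adds a separate check on entry lag. The record layout, the names and the 24-hour lag limit are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

REPEAT_THRESHOLD = 3                 # from the post: three squawks on the same device
MAX_ENTRY_LAG = timedelta(hours=24)  # assumption: allowed delay before a squawk is entered

# Constructed sample records: (aircraft, device, fault time, time entered in the system).
# A fault whose entry time is None was written up but never reached the computer.
SQUAWKS = [
    ("AC-001", "device-A", "2030-01-01T08:00", "2030-01-01T09:00"),
    ("AC-001", "device-A", "2030-01-02T10:00", None),
    ("AC-001", "device-A", "2030-01-03T12:00", None),
    ("AC-002", "device-B", "2030-01-03T07:00", "2030-01-03T07:30"),
]


def evaluate(records, now):
    """Return (grounding_alarms, ingestion_alerts) as seen at time `now`."""
    entered = defaultdict(int)
    ingestion_alerts = []
    for aircraft, device, occurred, logged in records:
        occurred = datetime.fromisoformat(occurred)
        if logged is None:
            # Not in the system: invisible to the repeat counter below.
            lag, status = now - occurred, "missing"
        else:
            entered[(aircraft, device)] += 1
            lag, status = datetime.fromisoformat(logged) - occurred, "late"
        if lag > MAX_ENTRY_LAG:
            ingestion_alerts.append((aircraft, device, occurred.isoformat(), status))
    # The grounding rule only counts what was actually entered.
    alarms = sorted(key for key, n in entered.items() if n >= REPEAT_THRESHOLD)
    return alarms, ingestion_alerts


if __name__ == "__main__":
    alarms, alerts = evaluate(SQUAWKS, datetime(2030, 1, 5))
    print("grounding alarms:", alarms)
    for alert in alerts:
        print("ingestion alert:", alert)
```

With two of the three write-ups missing from the system, the grounding rule reports nothing; only the entry-lag check shows that the monitoring data itself is incomplete.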
 
I'm going to side with "Most Likely NOT".

The MD-82 is non-FADEC, cables, pulleys and thousands of pounds of "Rube Goldberg" devices.

If you've got the power, configured and have a full electrical failure, the plane flies exactly the same as it would under normal circumstances.

No way Doug, it's most definitely DOOOOOOOM!!!!!!
 
BSOD_aircraft01.jpg


DOOM!! All your base are belong to us!!!!1111!!!
 
I'm going to side with "Most Likely NOT".

The MD-82 is non-FADEC, cables, pulleys and thousands of pounds of "Rube Goldberg" devices.

If you've got the power, configured and have a full electrical failure, the plane flies exactly the same as it would under normal circumstances.

I'm going to do some checking on this, but that is not what I believe they are referring to. The issue is that most companies continuously monitor the aircraft through regular downlinks, some go directly to the company, some to the manufacturers, in addition to flight data monitoring (it is incredible how much data is captured this way). Those programs can often catch things before they lead to a problem. My impression from the article is that the airline's system for monitoring was infected, so it did not flag the failure or maintenance code downlink.

One might look like this (redacted ID info):

MESSAGE ID: xxx DFD-COWL ANTIICE DISAGREE xx ENGINE
AIRCRAFT: xxxx FLT: xxxx FLT DATE: DATE/TIME: xxxx xxxx

ACID REP DATE GMT TAT SAT ALT MACH GW FM VERS
xxxxx *AID xxxx xxxx033.6 033.0 00356 .XXX XXXXXX 02 56

ANTI
ENG DURATION ICE HP
2 31.5 OFF 025
 
Yeah, that's what I was thinking too, Doug.

I couldn't believe that any avionics suite, much less an MD-82's one, would have an operating system that would or even could be targeted by malware programmers.

It's not altogether impossible — embedded system security is increasingly becoming a big deal as these things are hooked together and to networks (for a while everyone thought having, say, your process controller for manufacturing Brand Y pain reliever hooked to a network with the rest of the company was a good idea...now, they've figured it out...). In an airplane as manual as the Maddog, though, I'd discount malware as a causal factor.

That said, a high level of software assurance and quality control is required for avionics systems, well above and beyond the sort of QA that goes into your average desktop or mobile app. It's not impossible but it's very, very unlikely.
 
Apple is also susceptible. Wasn't there recently something issued from the government of Germany about the iPhone and a virus?

Never mind. It was for all Apple products.

http://www.iphoneuserguide.com/appl...ny-issues-security-warning-for-apple-devices/

Apple has security holes just like MSFT. As you see Apple grow in popularity you will see more problems with it. The difference is MSFT acknowledges problems and makes users aware of them. Apple on the other hand doesn't release information about its security issues very often and tends to blow smoke IMO.

The question: what OS do most aircraft use? I am assuming it is a proprietary system and is its own language.
 
The question: what OS do most aircraft use? I am assuming it is a proprietary system and is its own language.

Something embedded. Couldn't tell you about what that thing built in Toulouse uses, but the Airplane Information Management System and most (all?) of the other systems for the 777 were written in Ada. Ada was used because of its built-in safety features - it's extremely robust and can be formally validated. Hamilton Sundstrand apparently started writing code in C before Honeywell got on the project and said "Look! This works! Better! Easier! Safer!"

I'd imagine that anything used needs to be formally verifiable - that is, you can mathematically prove the correctness of the code. I'm willing to wager there's an advisory circular or TSO that talks about software assurance, too.
 
It's not altogether impossible — embedded system security is increasingly becoming a big deal as these things are hooked together and to networks (for a while everyone thought having, say, your process controller for manufacturing Brand Y pain reliever hooked to a network with the rest of the company was a good idea...now, they've figured it out...). In an airplane as manual as the Maddog, though, I'd discount malware as a causal factor.

That said, a high level of software assurance and quality control is required for avionics systems, well above and beyond the sort of QA that goes into your average desktop or mobile app. It's not impossible but it's very, very unlikely.

Most avionics are protected by the obscurity of using hardware that is at least ten years out of date. :)

You're probably not gonna molest an FMS with a buffer overrun because you can't get your hands on a 615 data loader. And even if you do, you'd have to track down some 3½-inch floppy disks and be familiar with the OPS on the box. It's much easier to just leave a swear word in the scratchpad for the next guy that comes along.

Historically, the role played by communication among boxes on an airplane has been very well-defined with lots of forethought put into all of the usage and failure modes of the data being transmitted. This both permitted easy design of new compatible boxes that didn't exist when the airplane was originally certified (e.g., TCAS and TAWS), but it also restricted innovation; if a usage wasn't predicted it could be difficult to include in the existing architecture. The communications buses were set up so that there was one transmitter and one or more listeners (so each unit that transmits data has to have its own wire run).

New planes like the A380 and the 787 use Ethernet instead of dedicated connections, so one wire can carry lots of traffic. But, it also adds layers to the interconnections and the potential for interference (malicious or otherwise). Most of the protections seem like typical, common-sense IT: access restrictions, encryption, and some obscurity. Some operators seem to be more successful at that than others, so it's up to the manufacturers and standards designers to still have forethought, just at a more generic level. :)
 
haha the Maddog infected by a virus...

good one.

It's all cables and pulleys.
Any semblance of the MD88 systems to a computer is in the Casio, Ti-35 range.
casio%20calculators.jpg


Cheers
George
 
Something embedded. Couldn't tell you about what that thing built in Toulouse uses, but the Airplane Information Management System and most (all?) of the other systems for the 777 were written in Ada. Ada was used because of its built-in safety features - it's extremely robust and can be formally validated. Hamilton Sundstrand apparently started writing code in C before Honeywell got on the project and said "Look! This works! Better! Easier! Safer!"

I'd imagine that anything used needs to be formally verifiable - that is, you can mathematically prove the correctness of the code. I'm willing to wager there's an advisory circular or TSO that talks about software assurance, too.
Unless the avionics developer develops an entirely custom operating system you still have whatever vulnerabilities that exist in that operating system, or additional software that is run. For example, the Bendix AV8OR series GPS runs on a Windows operating system. The top of the line from Honeywell Primus Apex/Epic uses an operating system Honeywell calls "DEOS" and appears to be a modified version of some type of UNIX or BSD (Though they say they built it from the ground up.) I think it is a variant of QNX or VxWorks based (or similar) which subscribes to the ARINC 653 and DO-178B standards.
 
Trying to shuffle blame off of the pilots/maintenance at the airline?
 
The issue is that most companies continuously monitor the aircraft through regular downlinks, some go directly to the company, some to the manufacturers, in addition to flight data monitoring (it is incredible how much data is captured this way).
Total aside, but is that what all those antennas are for on the light poles at ANC? Speaking about the FedEx ramp specifically.....
 