A recent report on an air crash that happened in Spain prompted several articles that seemed to imply that a computer infected with Malware contributed to, or caused the disaster – most of these reports arose after the publication of this article (translated from Spanish via Google Translate): http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepuesp/20100820elpepinac_11/Tes&sl=es&tl=en
Subsequently, the news got even more sensationalised and less accurate, for example in this Gizmodo article (http://gizmodo.com/5618287/malware-blamed-for-disastrous-plane-crash) that seems to lay most of the blame on a malware infection and fails to mention any of the more serious problems leading to the disaster.
Such sensational news is of course interesting to security professionals, particularly those of us working in the Anti-malware industry, and has prompted a lot of debate and investigation behind the scenes.
So what’s the real story? Did malware crash a plane? No, not even close. The reality is much more mundane, though still has worrying aspects (that I’ll discuss shortly).
One of the best articles (that shows that some journalists still go and look up the original sources) was this piece by Ed Bott (http://www.zdnet.com/blog/bott/fact-check-malware-did-not-bring-down-a-passenger-jet/2354). He carefully points out that the malware in question was on a ground based maintenance system (a long way from the aircraft when it crashed), that the MD-80 aircraft that crashed (not an Airbus A320 as some incorrect reports stated) is not a computerised aircraft (and therefore couldn’t be infected with malware anyway), and that the mechanics were actually still entering their maintenance report on the infected system at the time of the crash.
Another well reasoned article (though it does have some inaccuracies – the TOWS system was never infected) was this by Bow Sineath (http://www.secureworks.com/research/blog/index.php/2010/08/23/malware-and-the-failure-of-aircraft-systems/). This points out that the correct take off configuration for the aircraft was not in place because of a failure of the Take of Warning System (TOWS) that tells the pilots that the flaps are correctly deployed (and other important parts of the takeoff configuration are in place) And, this brings us to the real cause of the accident. The pilots had not checked that they had deployed the flaps correctly – this is essential to a correct take-off configuration.
Anyone who flies regularly will have seen the way that the flaps extend from the wings of aircraft on take-off and landing; this is to provide the necessary lift to let the aircraft gain the air on takeoff (and keep it from falling too rapidly on descent). Without the flaps extended, the aircraft could not gain enough lift to take off correctly and therefore crashed, with the resultant tragic loss of life. This is very much a human error story, with an added coincidence of an incorrectly maintained computer system. Much more significant than any malware infection was the separate and unrelated (to the malware infection) failure of the TOWS alerting system. Bow’s article above explains that this is a known problem with MD-80 aircraft, and the fact that the failure had occurred three times before should have raised an alert – this is where the malware comes in – the maintenance system was working slowly, because of the Trojan infection, and this meant that the mechanics didn’t enter the reports in a timely manner, so the necessary alerts weren’t given. It does not excuse, nor explain the pilots’ failure to correctly and completely follow their paper checklist. The failure of the TOWS system meant that the pilots (who did not correctly follow take-off procedures) were not alerted when they did not deploy the correct takeoff configuration, and this most serious error led to the aircraft’s demise. All the configuration systems on aircraft are backed up by manually followed paper checklists, unfortunately, routine is not easy for humans, and it seems that the pilots just made a lapse in following their checklist (which is what the TOWS system is there to alert them to), and it sadly happened at a time when the backup system (an audible alert) wasn’t functioning correctly.
So, did malware cause the air disaster? No, not at all; but as is often the case, some parts of the media don’t like the facts to get in the way of a good story. Malware is frequently sensationalised, and “Pilot error causes Plane Crash” isn’t as exciting a headline as “Malware Blamed for Disastrous Plane Crash”, although the results are just as tragic.
No one can deny that as the world becomes more and more reliant on computers, that malware will continue to be a big problem, or that computers used in critical systems such as control of aircraft, life support, nuclear reactors etc are particularly likely to give rise to disastrous situations if they get infected. However, the reality is that by far and away the greatest proportion of malware is written for criminal gain, such as credit card fraud and is targeted at systems that are widely used (such as Windows or Macs), because that is where the gains are to be made.
Far from worrying whether malware might bring down your plane on your next flight, you should rather ensure that your own computer system isn’t leaking critical information like your banking details or your personal data. The best way to do that is to ensure you keep it well maintained with the latest security patches from vendors like Microsoft and Adobe, and that you run robust and updated anti-virus, such as K7 TotalSecurity, and if you’re using online banking or sites that require you to enter your financial information, consider using a secured browser like K7 SecureWeb.
Andrew Lee
CTO K7 Computing.