Malware link to aircrash inconclusive

update Still too early to draw direct link between malware and deadly Spanair disaster, say security experts who note proper checks should be reinforced to reduce risk of crash.
Written by Vivian Yeo, Contributor

Although malware was recently identified as a contributing factor in a Spanair crash two years ago, it is still too early to draw definitive conclusions or panic over possible links to cyberterrorism, security experts say.

A Spanish newspaper reported that the airline's central computer had been infected with Trojans at the time of the disaster, causing a failure to flag technical faults. Spanair's flight JK 5022, which was said to have taken off with flaps and slats on its wings retracted, crashed shortly after takeoff, killing 154 people.

Findings by independent aircrash investigators indicated that apart from human oversight, the failure of the system to trigger alerts of the problems led to the tragic incident.

Paul Ducklin, Sophos' head of technology for the Asia-Pacific region, told ZDNet Asia in an e-mail interview that this is possibly the first case of malware being mentioned in relation to a plane crash. However, to what extent the infection contributed to the crash is "not yet clear" as more details of the investigation will only be released in December, Ducklin pointed out.

Whilst there may be public anxiety over just how safe aircraft and airline systems are in the wake of the report, he said carriers and travelers should not be overly concerned about the role of cyberterrorism or cyberwarfare.

"The word 'cyberwarfare' is on a lot of lips lately...so anything which might tie malware and, by association, cyberwarfare into the area of civilian aviation sounds as though it is worth worrying about," he said.

Yet, malware was not the direct cause of the crash as none of the airplane's avionics or in-flight control systems were at risk from malware, Ducklin said, noting it was a case of an infection reinforcing the failure to observe procedures that would have otherwise reduced the chances of a crash.

He added: "Any attempt to connect this story with issues of terrorism and sabotage would, in my opinion, be over the top."

Mikko Hypponen, chief research officer at F-Secure, also noted in a blog post that the malware had not been identified and, hence, it was not possible to determine conclusively how significant its role was in the crash.

Citing the Slammer and Blaster worms, Hypponen noted there have been examples of computer problems impacting real-world air transport infrastructure.

Slammer, he said, caused severe network congestion that led to, among other issues, the slowing down of air-traffic control systems at many international airports. Similarly, when Blaster struck, some carriers were forced to cancel flights due to system problems.

However, the worms were not designed to cripple infrastructure, he pointed out.

"Even though the system problems caused by Slammer and Blaster were truly considerable, they were only by-products of the worms," Hypponen explained. "The worms only tried to propagate: they were not intended to affect critical systems. It was the massive network traffic caused by the worms that alone disrupted normal operations."

Nonetheless, Sophos said the Spanair incident serves as a good reminder that malware can have serious consequences.

"Next time someone tries to convince you that the people who write malware aren't really doing anyone any serious harm--remember this case," Graham Cluley, senior technology consultant at Sophos, said in a blog post.

Responding to ZDNet Asia's queries on how it guards against malware, a Singapore Airlines spokesperson said the company takes "all measures" to ensure its systems are of the highest standards.

"We only use certified software supplied by original equipment manufacturers, which have been tested and approved," she said in an e-mail. "As part of the certification process, aircraft manufacturers also adopt design codes that incorporate firewalls on aircraft systems."

Over at Jetstar Airways, the budget carrier ensures computing devices used on aircraft, reservations and passenger check-in are standalone systems without connection to the Internet, and protected with anti-malware software. A company spokesperson shared in an e-mail that ground staff who access the Internet will have their traffic routed through a server that filters out malicious Web sites.

"In every one of our technology implementations, IT security is a part of the process that goes to the eventual implementation rather than as an afterthought," she added. "We conduct regular reviews and business continuity [planning] to make sure backup systems and processes are thought out in the unlikely event all these preventive measures should fail."
