Print 83 comment(s) - last by AntDX316.. on Aug 28 at 1:58 AM

Report links flash drive to Flight 5022

A corrupted USB stick contributed to Spain's worst air disaster on record, according to a 12,000-page report cited by the Spanish newspaper El Pais and USA Today.

It was initially believed that the crash of Flight 5022 that killed 154 people in 2008 was the result of pilot error, but investigators have now concluded that a computer infection spread through an infected USB stick may have contributed to the crash. 

Investigators speculate that trojan malware may have slowed down system alerts at the airline's headquarters which could have canceled or delayed the doomed flight. The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive. 

Spanair has been ordered by a judge to provide all of the company's computer logs from the days before and after the crash.  A final report from crash investigators is expected by December.

One expert warns that with continued use of flash drives and other third party devices in systems like these, this type of tragedy could happen again.

Senior manager of security research at Arbor Networks, Jose Nazario, said that many USB thumb drive attacks take advantage of security weaknesses in Windows auto run, a basic component built into the Windows operating system.

"Think about how many USB sticks you have. You're probably under counting. Everyone does," said Nazario.  "Now think about how many sticks in the past month your laptop has used, and think about how many other systems you have used your USB sticks on. This is like those classic HIV commercials, where you're with everyone that person has been with before."


Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: First Question
By Cheesew1z69 on 8/23/2010 4:37:20 PM , Rating: 2
Regardless, there should have been a policy against employees using USB sticks at work. I almost guarantee after this, there will be no such thing allowed.

RE: First Question
By Reclaimer77 on 8/23/2010 6:43:16 PM , Rating: 2
Policies don't mean someone still wont do it. Look at all the policies and rules that were ignored/broken leading up to the BP oil spill.

The system is flawed imo, not the policies.

RE: First Question
By flatrock on 8/24/2010 1:13:48 PM , Rating: 2
Getting people to follow policies is much harder than making them. Even if you have such a policy, there is a need to move data onto computer systems, even if it is only for a software update.

Auto-run viruses can also be transferred by CD or USB Hard Drive. You can scan the media, but there is often a lag between when a vulnerability is discovered and when there is a anti-virus signature added to detect it. Some times it can be a pretty long lag if the person discovering the vulnerability is more interested in exploiting it than notifying someone who will fix it.

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki