Print 83 comment(s) - last by AntDX316.. on Aug 28 at 1:58 AM

Report links flash drive to Flight 5022

A corrupted USB stick contributed to Spain's worst air disaster on record, according to a 12,000-page report cited by the Spanish newspaper El Pais and USA Today.

It was initially believed that the crash of Flight 5022 that killed 154 people in 2008 was the result of pilot error, but investigators have now concluded that a computer infection spread through an infected USB stick may have contributed to the crash. 

Investigators speculate that trojan malware may have slowed down system alerts at the airline's headquarters which could have canceled or delayed the doomed flight. The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive. 

Spanair has been ordered by a judge to provide all of the company's computer logs from the days before and after the crash.  A final report from crash investigators is expected by December.

One expert warns that with continued use of flash drives and other third party devices in systems like these, this type of tragedy could happen again.

Senior manager of security research at Arbor Networks, Jose Nazario, said that many USB thumb drive attacks take advantage of security weaknesses in Windows auto run, a basic component built into the Windows operating system.

"Think about how many USB sticks you have. You're probably under counting. Everyone does," said Nazario.  "Now think about how many sticks in the past month your laptop has used, and think about how many other systems you have used your USB sticks on. This is like those classic HIV commercials, where you're with everyone that person has been with before."


Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Argon18 on 8/23/2010 4:40:05 PM , Rating: -1
The problem isn't the USB stick. The problem is Windows. Why are they running a crap desktop consumer OS on mission-critical flight monitoring computers??? Sounds like retard design to me. Should be running Linux, UNIX, or an embedded OS for something so critical as this.

RE: Viruses?
By Robear on 8/23/2010 5:04:08 PM , Rating: 4
Every system needs an interface, and desktop computers are predominantly windows. These systems must be connected to server systems, and as long as they're connected they are vulnerable. Although I agree that systems connected to mission-critical services should be better protected, it's not uncommon for desktop systems to have USB enabled. It's hard to tell how this proliferated through the system, but with security it's always the weakest link, and we just don't know where that link was.

The virus "Slowed" this system, and the system could have been Linux or Windows. For all we know it was the anti-virus that slowed the system. It could have been another number of things, such as a virus in a remote subnet that managed to perform some sort of DoS attack on the internal network, slowing down network traffic.

Speaking to Windows Versus Linux, there are advantages and disadvantages to both. I doubt you're qualified to tell them which they should use for their server OS.

RE: Viruses?
By Argon18 on 8/23/10, Rating: -1
RE: Viruses?
By Robear on 8/24/2010 2:11:10 AM , Rating: 5
1) Unix died with SCO in '05. There's no such thing as a "Commercial Unix Workstation"
2) Windows is not the "only OS that is susceptible [to viruses]". That's absurd. Every OS is, and I'm not sure in what way Windows "provokes" viruses, but I can assure you Linux has had and will continue to have various vulnerabilities from any connected device, be it USB or LAN. It is the nature of software.

Windows is the primary target for viruses because it is the most popular. If and when Linux becomes the desktop OS of-choice, then the majority of viruses will target that. The number of viruses that exist for windows reflects its popularity: not its security.

This is similar to Apple computers. As one security expert put it, everyone believes Mac to be protected by this "anti-virus pixy dust," but it's actually far more vulnerable than windows 7. It's security through obscurity. Apples-to-apples *pun*, the open-source nature of Linux actually makes it more susceptible to attack.

At any rate, as others have already pointed out, it sounds more like a software failure blamed on a virus, anyway.

RE: Viruses?
By themaster08 on 8/24/2010 5:00:16 AM , Rating: 3
I agree with your post entirely, but you're wasting your time. We have a new Mac nut in the house.

Even with a UNIX Workstation, it would still need to be locked down to the hilt in order to maintain its security. The problem isn't the OS (although you would presume that an airline would be using its own bespoke OS and software), it's the incompetence of their I.T staff.

It's not just us at DT or other technology related forums that claim Apple's security comes from obscurity. Most security professionals and hackers also agree with that sentiment. To proclaim that Windows is most vulnerable just goes to show how little this guy knows about operating systems and security.

RE: Viruses?
By robinthakur on 8/24/2010 7:19:21 AM , Rating: 3
I wouldn't say this has anything to do with Macs, nor did the poster mention them, so let's stay on subject. You lock down systems when they are used for mission critical environments such as these, whatever the operating system is. If either their company policy or system policy permitted the use of memory sticks, in flight checking systems this is corporate manslaughter.

You correctly asert that Windows is the most targeted system for malware and still has several rather huge vulnerabilities including the autorun one (at the time of the crash in 2008) but at the end of the day, any system is vulnerable if you can get a process to run as root, which is in theory restricted in both Windows, Linux and the MacOS. The higher rate of infection of Windows computers versus Linux is also because (generally) the average Linux users know more about their OS by necessity than the average Windows users though there are exceptions ;-) [Disclaimer, I use Windows 7 and Mac OS at home]

RE: Viruses?
By Chocobollz on 8/25/2010 4:34:43 AM , Rating: 2
If changing the OS is something that will remove let's say, 50% of all security issues, then why wouldn't we do it?

"Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people." -- Rep. Christopher H. Smith (R-N.J.)

Latest Headlines

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki