Print 83 comment(s) - last by AntDX316.. on Aug 28 at 1:58 AM

Report links flash drive to Flight 5022

A corrupted USB stick contributed to Spain's worst air disaster on record, according to a 12,000-page report cited by the Spanish newspaper El Pais and USA Today.

It was initially believed that the crash of Flight 5022 that killed 154 people in 2008 was the result of pilot error, but investigators have now concluded that a computer infection spread through an infected USB stick may have contributed to the crash. 

Investigators speculate that trojan malware may have slowed down system alerts at the airline's headquarters which could have canceled or delayed the doomed flight. The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive. 

Spanair has been ordered by a judge to provide all of the company's computer logs from the days before and after the crash.  A final report from crash investigators is expected by December.

One expert warns that with continued use of flash drives and other third party devices in systems like these, this type of tragedy could happen again.

Senior manager of security research at Arbor Networks, Jose Nazario, said that many USB thumb drive attacks take advantage of security weaknesses in Windows auto run, a basic component built into the Windows operating system.

"Think about how many USB sticks you have. You're probably under counting. Everyone does," said Nazario.  "Now think about how many sticks in the past month your laptop has used, and think about how many other systems you have used your USB sticks on. This is like those classic HIV commercials, where you're with everyone that person has been with before."


Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Viruses?
By Argon18 on 8/23/2010 10:49:51 PM , Rating: -1
I'm sorry, but you don't understand mission critical systems. At all. Nor are you qualified to discuss viruses, since Windows is the only current OS that is susceptible to an unprovoked virus infection from a USB drive, or from the LAN. Nobody cares what the "predominant" desktop OS is. The fact is, commercial UNIX workstations can and should be used for mission critical environments.

RE: Viruses?
By Robear on 8/24/2010 2:11:10 AM , Rating: 5
1) Unix died with SCO in '05. There's no such thing as a "Commercial Unix Workstation"
2) Windows is not the "only OS that is susceptible [to viruses]". That's absurd. Every OS is, and I'm not sure in what way Windows "provokes" viruses, but I can assure you Linux has had and will continue to have various vulnerabilities from any connected device, be it USB or LAN. It is the nature of software.

Windows is the primary target for viruses because it is the most popular. If and when Linux becomes the desktop OS of-choice, then the majority of viruses will target that. The number of viruses that exist for windows reflects its popularity: not its security.

This is similar to Apple computers. As one security expert put it, everyone believes Mac to be protected by this "anti-virus pixy dust," but it's actually far more vulnerable than windows 7. It's security through obscurity. Apples-to-apples *pun*, the open-source nature of Linux actually makes it more susceptible to attack.

At any rate, as others have already pointed out, it sounds more like a software failure blamed on a virus, anyway.

RE: Viruses?
By themaster08 on 8/24/2010 5:00:16 AM , Rating: 3
I agree with your post entirely, but you're wasting your time. We have a new Mac nut in the house.

Even with a UNIX Workstation, it would still need to be locked down to the hilt in order to maintain its security. The problem isn't the OS (although you would presume that an airline would be using its own bespoke OS and software), it's the incompetence of their I.T staff.

It's not just us at DT or other technology related forums that claim Apple's security comes from obscurity. Most security professionals and hackers also agree with that sentiment. To proclaim that Windows is most vulnerable just goes to show how little this guy knows about operating systems and security.

RE: Viruses?
By robinthakur on 8/24/2010 7:19:21 AM , Rating: 3
I wouldn't say this has anything to do with Macs, nor did the poster mention them, so let's stay on subject. You lock down systems when they are used for mission critical environments such as these, whatever the operating system is. If either their company policy or system policy permitted the use of memory sticks, in flight checking systems this is corporate manslaughter.

You correctly asert that Windows is the most targeted system for malware and still has several rather huge vulnerabilities including the autorun one (at the time of the crash in 2008) but at the end of the day, any system is vulnerable if you can get a process to run as root, which is in theory restricted in both Windows, Linux and the MacOS. The higher rate of infection of Windows computers versus Linux is also because (generally) the average Linux users know more about their OS by necessity than the average Windows users though there are exceptions ;-) [Disclaimer, I use Windows 7 and Mac OS at home]

RE: Viruses?
By Chocobollz on 8/25/2010 4:34:43 AM , Rating: 2
If changing the OS is something that will remove let's say, 50% of all security issues, then why wouldn't we do it?

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki