Malware and the Failure of Aircraft Systems


On August 20, 2008, a tragic accident occurred involving a Spanair MD-82 aircraft. The aircraft failed to gain altitude, rolled to the right, and crashed into the ground, killing 154 people. The investigation after the accident discovered that the pilots failed to extend the flaps and slats prior to takeoff, creating an improper takeoff configuration. This critical error is the primary cause of the accident and was a result of the pilots failing to follow the published pre-takeoff checklist. The investigation also noted that the takeoff warning system (TOWS) failed, which normally issues an audible warning to the pilots if the aircraft is departing in the improper takeoff configuration. This warning is meant to supplement the takeoff checklist procedures in the event the pilots inadvertently forgot one of the steps on the checklist. The combination of the failed TOWS alert and the pilots' failure to follow the pre-takeoff checklist resulted in the aircraft attempting takeoff in an improper configuration.

Exactly two years later on August 20, 2010, a Spanish paper published the following article: The computer scoring Spanair aircraft failures had virus (English Translation by Google Translate)

The article reports that malware was installed on the TOWS system of the accident aircraft and implies that it may have been a contributing factor or the cause of the accident.

A TOWS failure is not uncommon to MD-80 series aircraft and has been blamed in other fatal accidents, including Northwest Flight 255 in 1987. As a result of Northwest Flight 255, McDonnell Douglas issued an update to their checklist procedures, including a change requiring pilots to check the TOWS system prior to takeoff. This change was published to all U.S. operators of MD-80 series aircraft, but was not available in the crashed Spanair aircraft. This omission is noted in a safety recommendation issued by the NTSB (National Transportation Safety Board): (PDF)

As noted by the NTSB, the Spanair MD-82 checklist included a daily check of the TOWS system, but not prior to every takeoff. This procedure differs from the checklist issued by McDonnell Douglas in 1988 and that is used by U.S. carriers.

As the SpanAir flight was preparing for departure, the Ram Air Temperature (RAT) probe was reporting an abnormally high temperature. The aircraft returned to the gate and maintenance personnel discovered that the RAT probe heater, which is only supposed to be operated in the air, was incorrectly operating on the ground. The maintenance personnel pulled the circuit breaker for the RAT probe heater and cleared the aircraft for flight, not noting the reason the RAT heater was improperly operating on the ground.

The MD-80 series aircraft contain a relay that powers the TOWS system when the aircraft is on the ground and redirects that power to the RAT heater when the aircraft is in the air. The NTSB's tests determined that a failure in this relay could cause a failure of the TOWS system with no warning. This means the TOWS system has a single point of failure. If there was a problem with this relay, it could potentially send power to the RAT probe heater instead of the TOWS.

Based on this evidence, I believe the malware discovered on the TOWS is irrelevant to the accident in every way. The finding is interesting and proves that malware can exist on these systems, but does not seem to be a contributing factor to the accident. When the ground crews disabled the RAT probe heater, they failed to detect the malfunctioning relay, which was sending power to the RAT probe heater instead of the TOWS. With no warning that the TOWS system was not receiving power and no check of the TOWS by the pilots, the aircraft began its takeoff roll in an improper configuration with no warning.

The investigation leaves the probable cause of the accident as human error. It is ultimately the responsibility of the pilot in command for a safe flight and, while these systems enhance safety, they are not responsible for operation of the aircraft. The failure of the TOWS can be considered a contributing factor to this tragedy, but in my opinion the malware is not relevant to the TOWS failure or the accident. The official report on the accident is due in December 2010, which will reveal the probable cause and contributing factors to the accident.

Back to all Blogs

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.