Thursday, December 12, 2024
HomeCVE/vulnerabilityA Critical Software Bug Turns an Airplane to the Wrong Way -...

A Critical Software Bug Turns an Airplane to the Wrong Way – Turned Right Instead of Left

Published on

SIEM as a Service

Recently, security researchers have discovered a very distinct software bug that is marked as a very critical software bug, as it turns an airplane in the wrong way. 

Nav Canada firstly identified this bug in 2017 on a Bombardier CRJ-200, which makes the aircraft to switch to the wrong way, in short, this bug turns the airplane to right instead of left if pilots regulate the pre-set height limit.

Soon after the incident, it was reported to the appropriate authority, and the other reason for this software bug is that the pilots used the FMS’s temperature compensation function in a remarkably cold climate.

- Advertisement - SIEM as a Service

What’s the problem?

As we said that due to the use of FM’S temperature compensation function by the pilots in a very cold climate, a critical software bug took place as it turns an airplane in the wrong way, or we can say that instead of left they turn towards the right. 

Well, the pilots also said that the airplane just turns to the wrong way as it was heeding the published missed approach, and they also said that this type of misconception generally does not occur.

But, according to one of the professional aviators, selecting the altitude correctly or utilizing temperature compensation does not really alter the flight segment. Thus we can say that just because of the design error, the software imagines the flight division has shifted.  

Moreover, disabling the FMS automatic features are done by the aircraft’s configuration strapping unit (CSU) and reviewing the airplane flight manual (AFM) reservations segment. 

However, Rockwell Collins opposed the FAA and the prescribed steps that are to be perceived regarding it; thus, in Europe this week, it was published that a necessary airworthiness directive organization operators of CRJ-200 aircraft to impair the automatic temperature compensation till mid-June.

After all this discussion, the FAA was not satisfied by this decision, thus disagreed in disabling the FMS feature as it is necessary to address the unsafe condition. And both companies disagreed with the banned of the FMS automatic feature. 

They declared that a software fix would be more accessible to achieve rather than forbidding the use of the electronic calculator.

Well, all have this much idea that all the bugs that took place in the flight are very uncommon. And both Airbus and Boeing have discovered that most of the airline bugs serve to be unexpected memory overflows over the year. 

Moreover, there is a design that is owned by Bombardier, the Airbus A220, that has gone through the same software-induced issues with its engines last year. In contrast, the Boeing 737 was found to have a unique bug that has blanked all cockpit, and it also shows if pilots attempted to land on one of seven distinct runways in the whole world.

So, what do you think about this? Share all your views and thoughts in the comment section below.

Also Read: Radio Tech Used to Hack Everything From Airplanes to Defibrillators

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cleo 0-day Vulnerability Exploited to Deploy Malichus Malware

Cybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in...

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and...

BadRAM Attack Breaches AMD Secure VMs with $10 Device

Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization...

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and...

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...

Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access

 Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud...