Airbus confirms software brought down A400M transport plane

Badly-configured software, that is, not badly-written software

Airbus has confirmed the crash that stalled its A400M program was caused by engine control software.

However, according to Handelsblatt, the problem wasn't that the software is buggy. Rather, someone in the final assembly process installed the software incorrectly.

Marwan Lahoud, Airbus' chief strategy officer, told the German newspaper that the company already believed there had been no problem with the airframe: “The black boxes attest … that there are no structural defects, but we have a serious quality problem in the final assembly”.

Handelsblatt beats Google's translation with the sentence “Die Software für die Steuerung der Motoren sei bei der Endmontage falsch aufgespielt worden”*, but it seems to El Reg to suggest that the software was configured with incorrect parameters at installation.

The May 9 crash near Seville's San Pablo Airport killed four Airbus Defense and Space personnel when the A400M, designated MSN23, crashed just after takeoff on its first flight.

Airbus had already warned A400M operators – Germany, Britain, Turkey and France – to check the planes' Engine Control Unit. Malaysia should too: the Royal Malaysian Air Force has an A400M, which was delivered in March.

Last week, Airbus CEO Tom Enders had complained that the company needed the black box data, which was being withheld by Spanish agencies, to conduct its analysis of the crash.

While the results will be a relief – since a problem with the physical build quality would have been extremely expensive – Airbus will still need to satisfy customers that it can ensure that software installs don't go wrong in future. ®


Google Translate reckons the sentence in question comes out in English as "The software for controlling the motors had been partly filled with wrong during the final assembly," as many commentards noted with joy.

Vulture Central's backroom gremlins, on the back of a very rusty A-level in German, reckon the true meaning is "badly assembled/compiled" rather than "filled with wrong" but the original Google version is too good not to highlight.

Similar topics

Broader topics

Other stories you might like

  • OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
    Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution

    The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512).

    OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).

    But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them.

    Continue reading
  • 5G C-band rollout at US airports slowed over radio altimeter safety fears
    Well, they did say from July, now they really mean from July 2023

    America's aviation watchdog has said the rollout of 5G C-band coverage near US airports won't fully start until next year, delaying some travelers' access to better cellular broadband at crowded terminals.

    Acting FAA Administrator Billy Nolen said in a statement this month that its discussions with wireless carriers "have identified a path that will continue to enable aviation and 5G C-band wireless to safely co-exist."

    5G C-band operates between 3.7-3.98GHz, near the 4.2-4.4GHz band used by radio altimeters that are jolly useful for landing planes in limited visibility. There is or was a fear that these cellular signals, such as from cell towers close to airports, could bleed into the frequencies used by aircraft and cause radio altimeters to display an incorrect reading. C-band technology, which promises faster mobile broadband, was supposed to roll out nationwide on Verizon, AT&T and T-Mobile US's networks, but some deployments have been paused near airports due to these concerns. 

    Continue reading
  • Mega's unbreakable encryption proves to be anything but
    Boffins devise five attacks to expose private files

    Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.

    The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.

    The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega’s cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.

    Continue reading
  • EndeavourOS Artemis: Arch Linux, but a bit friendlier
    The Reg FOSS desk takes the latest release, 22.6, for a spin

    EndeavourOS is a rolling-release Linux distro based on Arch Linux. Although the project is relatively new, having started in 2019, it's the successor to an earlier Arch-based distro called Antergos, so it's not quite as immature as its youth might imply. It's a little more vanilla than Antergos was – for instance, it uses the Calamares cross-distro installer.

    EndeavourOS hews more closely to its parent distro than, for example, Manjaro, which we looked at very recently. Unlike Manjaro, it doesn't have its own staging repositories or releases. It installs packages directly from the upstream Arch repositories, using the standard Arch package manager pacman. It also bundles yay to easily fetch packages from the Arch User Repository, AUR. The yay command takes the same switches as pacman does, so if you wanted to install, say, Google Chrome, it's as simple as yay -s google-chrome and a few seconds later, it's done.

    Continue reading

Biting the hand that feeds IT © 1998–2022