Ethernet failure on Swiss business jet prompted emergency descent, say aviation safety bods

Solution? A software update, natch

An Ethernet failure aboard popular Swiss-made business jets could prompt the aircraft to move into an emergency descent as flight systems entered a "degraded" mode, the European Aviation Safety Agency (EASA) has warned.

In a recently issued airworthiness directive, EASA has ordered operators of the Pilatus PC-24 to install new software aboard PC-24 business jets after "a dual Ethernet communication channel failure on a dual-channel data concentration and processing unit".

Like all complex machines in the modern era, jet aircraft are essentially flying servers. Most airliners and business jets contain Ethernet-based internal networks that allow flight control computers to talk to other systems dotted around the airframe, as explained in a previous article about the Boeing 787. Data concentration units share some similarities with network switches down on terra firma, as detailed here.

When that Ethernet network degrades or fails, things can become unpredictable. So it apparently was when that exact thing happened aboard an unidentified PC-24 flight, according to EASA: "This triggered opening of electronic circuit breakers, which resulted in the degradation of environmental control system functionalities, the deployment of all passenger oxygen masks and the autopilot entering in emergency descent mode."

In addition: "Various crew alerting system messages were shown. The functionality of other systems, e.g. flaps, fuel indication and the ice protection system were significantly degraded."

Such things are unlikely to cause an aeroplane to crash, though they do result in "increased pilot workload" in EASA's words.

The fix for this mildly alarming scenario is simple: install a software update. By the end of October, PC-24 operators must have installed version 7.3 of the onboard Utility Management System software. Software updates to fix aviation problems are relatively common in the cautious world of aviation, where fly-by-wire design philosophies are now embedded for all but the most simple aeroplanes.

Pilatus has been asked for comment. The Swiss firm had accepted orders for 84 PC-24s in an initial run, delivering 30 of those by last summer before reopening its order book. ®

Meet the new aviation insecurity, same as the old aviation insecurity: Next-gen ACAS X just as vulnerable to spoofing as its predecessor

Faking an emergency collision alarm - just what you don't need over Heathrow

Aviation boffins have found that next-gen aircraft collision avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit.

In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X (ACAS X), due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.

Boffins Matthew Smith, Martin Strohmeier, Vincent Lenders, and Ivan Martinovic conducted their tests using laboratory simulations, so the work is theoretical. However, they argue that their findings suggest more work needs to be done to improve aviation system security before the identified flaws can be translated into a real-world threat.


Aviation regulator outlines fixes that will get the 737 MAX flying again

Software upgrade to deliver less lethally-stubborn automation

The United States' Federal Aviation Administration (FAA) has revealed the conditions under which it will permit Boeing's beleaguered 737 MAX to resume commercial flights.

The 737 MAX was grounded after two crashes in 2018 and 2019 revealed that the plane had shipped with largely undocumented automation features called the "Maneuvering Characteristics Augmentation System" (MCAS) that could push its nose downwards. In the two accidents MCAS could not be overridden despite receiving erroneous data from an Angle Of Attack (AOA) sensor. When the MCAS pointed the plane down, and kept doing so despite the AOA data being wrong, pilots could not disengage automation.

Those errors cost 346 lives and saw Boeing pay at least $19bn in compensation to families of the deceased, payments to airline customers and lost revenue.


Boeing 737 Max will return to flight after software updates, says EU's aviation regulator

It flew OK without MCAS – but not well enough to be certified as safe

The Boeing 737 Max was safe enough to fly without the controversial MCAS system but would not have met safety certification rules, the EU Aviation Safety Agency has said after confirming the airliner will return to European skies in January 2021.

Flights will resume once airline pilots have received extra training to the EU regulator's satisfaction, EASA added, having previously said it would not be following in the US Federal Aviation Administration's footsteps.

The EASA announcement is very similar to the US FAA's return to service for the Max but with a couple of extra pilot training requirements added.


Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why

Somebody light that pilot light

Updated: Garmin services appear to be in the process of being restored after the company was reportedly hit with ransomware, though its aviation services remain offline at the time of writing.

The company, which makes various navigational and location-tracking services and products, abruptly fell over last week, and continued to stay offline for a prolonged period. The company has so far not confirmed ransomware publicly, referring to it as an "outage" that just so happened to also affect its phones, emails, online chats and all services.

BleepingComputer reported on Sunday that a company employee confirmed the precise strain of infection, adding that files on corporate systems were encrypted with a new, seemingly custom extension: .garminwasted. It also quoted a source as saying a ransom had been demanded to the tune of $10m.


US aviation regulator issues safety bulletins over flaws in software updates for Boeing 747, 777, 787 airliners

Autothrottle cuts to idle and flight computers fail after latest updates, warns FAA

Software updates to Boeing's Jumbo Jet, Dreamliner, and 777 introduced flaws that degraded flight safety and caused the US Federal Aviation Administration (FAA) to publish warnings to aviators.

Recent updates to the Boeing 777 and 787 autothrottle have changed how the safety-critical systems operated, prompting a warning from the FAA to airlines advising them to carefully read updates from Boeing about the flaws.

The FAA stated in November: "The 787 Flight Management Block Point 4 (FMF BP4) software currently installed introduced an auto-throttle software anomaly, which disables one element of the automatic throttle disconnect logic."


EU aviation wonks give all-electric training aeroplane the green light – but noob pilots only have 50 mins before they have to land it

So don't expect to go very far

The EU Aviation Safety Agency (EASA) has certified its first all-electric aeroplane for routine use, marking a small but significant step on the route to all-electric airliners.

"This is an exciting breakthrough," said EASA executive director Patrick Ky in a canned statement as he boasted about the Pipistrel Velis Electro gaining its type approval from his agency.

A two-seater "intended primarily for pilot training," the Velis Electro is a development of Pipistrel's existing (and unfortunately named) Virus aeroplane, which features a piston engine instead of an electric motor.


'This repository is private' – so what's it doing on the public internet, GE Aviation?

DNS config snafu bares Jenkins instance contents to world+dog

GE Aviation managed to expose a pile of its private keys on a misconfigured Jenkins instance that was exposed to the public internet, according to a security researcher who found it through Shodan.

"It took me only a couple of clicks to stumble upon a Jenkins server which appeared to be part GE Aviation internal commercial infrastructure," blogged Bob Diachenko, a researcher for consultancy Security Discovery.

It appeared, from what he found, that Diachenko had got into a backend repository powering GE Aviation's customer portal. The server, he said, "contained source code, plaintext passwords, configuration details, private keys from a variety of GE Aviation internal infrastructure" and more.


The UK's Civil Aviation Authority asked drone orgs to email fliers' data in an Excel spreadsheet

Plus: Solution to 250g drone weight limit is 249g drone

The UK's Civil Aviation Authority (CAA) has caved in on its slow-motion disaster of a drone database – by asking flier associations to email it details of their members in a spreadsheet.

Rather than implementing some kind of secure web portal to harvest personal data on British drone fliers, which the CAA is obliged to collect thanks to incoming EU laws, the body has asked associations to send members' data for bulk registration on an "Excel template".

The low-tech revelation came in a CAA email newsletter issued in the name of Sophie O'Sullivan, its head of unmanned systems.


Aviation's been Boeing through a rough patch: Software tweaks blamed for Airbus A220 failures

Engine maker Pratt & Whitney says it's working on a fix

Software alterations have been fingered as the cause of Airbus A220 airliner problems that led to at least three emergency landings after excessive vibration caused engines to fail, according to reports.

Financial newswire Reuters reported that "recent changes in engine software ... may have caused parts that compress air inside the engine to be set in a way that caused mechanical resonance or destructive vibrations", citing sources familiar with an ongoing investigation.

That investigation is looking into why airlines, in particular Swiss International Air Lines (SIAL), are having problems with their new A220s. SIAL has been hit hard by issues with its new jets' Pratt & Whitney PW1500G engines; the airline has had three engine failures since buying the A220 three years ago.


US military swoops into DEF CON seeking a few good hackers for debut aviation pwning village

Faulty F-15s, at-risk airbases and much more

DEF CON: For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there for a few good hackers to find bugs that its own hackers have missed.

"We've got some great hackers on our team and we're proud of them," Dr Will Roper, assistant secretary of the Air Force for Acquisition, Technology and Logistics, told The Register. "But we may not have the best, and that's why we're here. There's a big pool of talent out there and bringing in fresh eyes could show us stuff that we've missed."

Setting up the village and getting the necessary security clearances has been "eight months of pain," one of the organisers told us, but judging by the scrum it's certainly popular.
