One of the cardinal rules in computers is to “never trust the input” or put another way: “Never trust user input”. If you ever wondered what would happen if this wasn’t followed here’s a real world example that happened late last month (28th Aug) where almost every flights to and from the UK were delayed or cancelled after their air traffic control systems went down.
An analysis of the crash found that a French airline had filed a flight path in the wrong format to the National Air Traffic Services (NATS) and instead of rejecting the plan because it was in an invalid format as it should have done the entire system went down hard. This is a basic programming principle and I am not sure why their testing didn’t catch this massive vulnerability. Basically, it looks like anyone with access to file a flight plan can crash the entire NATS just by submitting a flight plan in the wrong format.
Apparently it is expected behavior as per NATS chief executive Martin Rolfe, who said that both Primary AND Backup systems responded to the incorrect flight data by suspending automatic processing “to ensure that no incorrect safety-related information could be presented to an air traffic controller or impact the rest of the air traffic system”
Nats chief executive, Martin Rolfe, told BBC Radio 4’s Today programme: “It wasn’t an entire system failure. It was a piece of the system, an important piece of the system.
“But in those circumstances, if we receive an unusual piece of data that we don’t recognise, it is critically important that that information – which could be erroneous – is not passed to air traffic controllers.”
Mr Rolfe said Nats has “safety-critical systems” and “throwing data away needs to be very carefully considered”.
To me it is unbelievable that anyone thought that crashing both the Primary and Backup systems was preferable to throwing away an invalid flight plan.
Sources:
- Evening Standard: An ‘unusual piece of data’ caused flight chaos – air traffic control boss
- Slashdot: French Error Blamed for UK’s Air Control Meltdown Which Left 300,000 Passengers With Cancellations
– Suramya