Software Bug Triggered Airplane Dive Emergency

Investigators have released their final report into a 2008 Qantas flight QF72 from Singapore to Perth, Australia, in which 110 people were injured after a computer component failed. Interestingly, investigators have now found that a programming error was partly to blame for the incident.

Here's what happened: On October 7, 2008, aircraft-monitoring systems in the Airbus A330-303--flying at 37,000 feet--failed, causing the autopilot to automatically disconnect. But pilots were still at the mercy of a flight computer that was receiving incorrect data.

Roughly two minutes after the failure of the computer component, the flight computer initiated two deep dives, the first for 20 seconds, the second for 16 seconds. Each dive slammed passengers into ceilings and walls. Dozens of alarms, most of them false, also began sounding in the cockpit. Luckily, pilots were able to switch to fully manual controls and execute an emergency landing at a nearby Australian military base.

[ Software bugs can cause serious problems. See Iran Hacked GPS Signals To Capture U.S. Drone. ]

After the incident, investigators quickly traced the problem to a failure involving one of the plane's three Northrop Grumman LTN-101 air data inertial reference units (ADIRUs), which measure the airplane's altitude, position, as well as angle of attack--meaning the degree to which the plane's nose is up or down.

But according to the final report on the incident from the Australian Transport Safety Bureau (ATSB), released Monday, the problem wasn't just a faulty ADIRU, but also a programming error involving the flight computers. In particular, the airplane software wasn't written to handle an event in which an ADIRU began outputting erroneous data at regular intervals.

Notably, the flight computers averaged the angle of attack data from two of the ADIRUs to compute the airplane's true angle of attack. If the data from the two ADIRUs significantly differed, however, then the flight computers discarded the values and used the one they'd computed 1.2 seconds prior. But investigators said that the algorithm couldn't handle an episode in which an ADIRU began feeding erroneous information at 1.2-second intervals. That led to the flight computers computing an incorrect angle-of-attack reading, causing it to execute the two dives, one of which subjected passengers to forces of 0.8 G.

To be sure, it was an extremely unlikely failure scenario, and while dangerous, investigators said it was very unlikely that the failure would have caused the plane to crash. All told, in over 28 million hours of flight time involving A330 and A340 aircraft, investigators said that there have been only three known cases of the aircraft systems failing in this manner and causing flight computers to incorrectly adjust the plane's angle of attack (AOA). Interestingly, one of those other failures involved an ADIRU in the same aircraft.

Investigators said that Airbus "subsequently redesigned the AOA algorithm to prevent the same type of accident from occurring again."

Another issue identified by investigators was that "at least 60 of the aircraft's passengers were seated without their seat belts fastened at the time of the first pitch-down." Notably, those passengers were injured with greater frequency--and severity--than passengers who had been wearing their seatbelts.

IT's spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. It's time to break free. Download our Disaster Recovery Disaster supplement now. (Free registration required.)