Turn your Boeing 787 off and on again, or it will crash

Boeing 787Got a Boeing 787?

Don't make the mistake of leaving it switched on for 248 days.

Because if you do, a bug will mean that the airplane's power will be shut off and it could literally... umm.. crash.

All because of an integer overflow bug.

According to a critical FAA directive, Boeing discovered the bug during laboratory tests:

We have been advised by Boeing of an issue identified during laboratory testing. The software counter internal to the generator control units (GCUs) will overflow after 248 days of continuous power, causing that GCU to go into failsafe mode. If the four main GCUs (associated with the engine mounted generators) were powered up at the same time, after 248 days of continuous power, all four GCUs will go into failsafe mode at the same time, resulting in a loss of all AC electrical power regardless of flight phase.

Directive

Hmm. That's quite a serious denial-of-service problem.

The Guardian reports that, according to Boeing’s records, all of the 787s currently in service have been turned off and turned on again.

You have to love that the solution is the same that millions of computer users resort to every day...

Boeing, meanwhile, is said to be working on a software upgrade that should be ready towards the end of the year. Which is comforting to hear.

In the meantime, next time you you find yourself travelling on a Boeing 787 be sure to ask the flight attendant when it was last switched off.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

7 Responses

  1. Steve Powers

    May 1, 2015 at 7:40 pm #

    If that fails, you could try kicking it….

  2. Anonymous

    May 1, 2015 at 9:13 pm #

    Any idea how long some planes remain switched on for?

    • Paw Steve in reply to Anonymous.

      March 11, 2016 at 1:15 pm #

      A commercial aircraft could have power "ON" for a long time, but I don't suspect anywhere near 248 days. Once the aircraft parks at the gate, the engines and APU are shutdown, but external electrical power is applied. External power is most likely left on until the next departure because power is required for cleaning, any maintenance due, and refueling, as an example. At the next stop, the cycle is repeated. Maybe there's someone from the airlines reading this that can better answer how often the aircraft is powered down 100%.

  3. Coyote

    May 1, 2015 at 11:53 pm #

    "Because if you do, a bug will mean that the airplane's power will be shut off and it could literally… umm.. crash."
    Keep the puns up – that way, if the planes can't be kept up, at least we have the puns, right?

    "All because of an integer overflow bug."
    I don't at all profess to know much about planes. To be completely honest the only kind of flying I am interested in is the kind that isn't possible – the kind in fantasy. Essentially, I might be ('probably am' ?) showing ignorance here:

    Why on Earth (…or, for that matter…) would they not take in to consideration the width of the integer and adjust the value as needed ? Of course that is partly a rhetorical question although I'm sure there is a 'good' reason, depending on definition of 'good'. Scary thought to have a plane fail because of an integer overflow! I also wonder why they would have the planes on for such a long time… why would they do that, aside from maybe stress-testing (in a test environment like they discovered it in)? Do I want to know (I assume I don't, and I hope also that having it on in this mode does not add to its MTBF)?

    "Boeing, meanwhile, is said to be working on a software upgrade that should be ready towards the end of the year. Which is comforting to hear."
    Integer overflow fix takes that long ? Or are they trying to locate all the planes that have gone 'out of bounds' ? I know some will think this is rather horrible of me to say, and probably look down on me (especially if their plane is working), but I can't help but think just how ironic it would be if the planes that disappeared in recent years, actually were the same type of plane.

    Yes, it is interesting that they power cycled their computers, that is planes. Is Windows that bad then? I remember being unfortunate enough to having used it years gone (yet simultaneously also being surprised at times), and I do remember issues like that, but every day? It surely isn't as bad as 9x, CE, ME or NT, is it? That might seem like an absurd question to some but I try to be fair where I can, and the fact I don't use it, means I can't be too judgemental in this department… (and I rather hope it isn't that bad still, admittedly)

  4. Paul

    May 2, 2015 at 9:47 am #

    > Math.pow(2,31) / 100 / 60 / 60 / 24;
    248.55134814814812

    Looks like they are using a signed 32 bit integer for 100ths of a second since turned on apparently which equals 248.5 days before it flips to -248.5 days

  5. Andy Lee Robinson

    May 5, 2015 at 11:29 pm #

    A denial of life problem!

    I know that there are a billion other possible things that haven't gone wrong (yet!), but it is a bit unsettling that someone forgot such a basic thing that integers don't increment forever and didn't consider the overflow case until now.

  6. Boshbosh

    March 11, 2016 at 12:16 am #

    Arguably as important is the reboot / IPL time. From seven miles up you may have 6(?) 15(?) Minutes glide time (albeit uncontrolled) down to a critical altitude. If reboot could be done, assuming a stable glide, within 4 minutes.. Could be OK. Best to make sure they are rebooted on quarterly services though, eh?

Leave a Reply