Incident: American Airlines iPad App Crash Grounds Flights, April 2015.

Published Date: 2015-04-29

Postmortem Analysis
Timeline 1. The software failure incident where the iPad app used by American Airlines pilots crashed happened on a Tuesday night [35193]. 2. Published on 2015-04-29 3. The incident likely occurred in April 2015.
System 1. iPad app used by pilots [35193]
Responsible Organization 1. The software failure incident in which the iPad app used by pilots crashed on American Airlines flights was caused by a glitch in the electronic flight bag software [35193].
Impacted Organization 1. Pilots of American Airlines flights [35193] 2. Passengers of American Airlines flights [35193]
Software Causes 1. The software cause of the failure incident was the crashing of the iPad app used by pilots, which served as an electronic flight bag, affecting multiple planes in the American Airlines fleet [35193].
Non-software Causes 1. The failure incident was caused by the iPads used by pilots crashing, affecting multiple flights throughout the American Airlines fleet [35193]. 2. The issue was related to the software application on the pilot iPads, leading to unexpected power downs and affecting the entire 737 fleet [35193].
Impacts 1. Multiple American Airlines flights were delayed on Tuesday night due to the iPad app used by pilots crashing, affecting the entire fleet [35193]. 2. Pilots were unable to take off as the electronic flight bag app crashed, leading to some flights having to return to the gate to access a Wi-Fi connection to fix the issue [35193]. 3. The software failure incident affected "a few dozen flights" across the airline [35193]. 4. The glitch in the electronic flight bags occurred in the same month as a warning about the potential security risks of in-flight Wi-Fi being used to hack into the avionics system of a plane [35193].
Preventions 1. Regular software testing and quality assurance procedures could have potentially identified and addressed any issues with the iPad app used by pilots before it caused delays [35193]. 2. Implementing redundancy or backup systems for critical software applications could have minimized the impact of the crash on multiple flights [35193]. 3. Ensuring secure and stable Wi-Fi connections for the pilot iPads could have prevented the need for flights to return to the gate for fixes, possibly averting delays [35193]. 4. Conducting thorough security assessments and implementing robust cybersecurity measures to protect against potential hacking threats, as highlighted by the US watchdog's warning about in-flight Wi-Fi vulnerabilities [35193].
Fixes 1. Ensuring the pilot iPads have a stable and reliable software application that does not crash during critical operations like takeoff can help fix the software failure incident [35193].
References 1. Passenger reports [35193] 2. American Airlines spokesperson [35193]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident of the iPad app crashing for American Airlines pilots is an example of a similar incident happening again within the same organization. This incident affected multiple flights in American Airlines' fleet, causing delays and inconvenience to passengers [35193]. (b) The articles do not provide information about a similar incident happening again at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the article where American Airlines experienced a significant issue with the iPad app used by pilots as part of their electronic flight bags. The app crashed, affecting multiple planes scattered throughout the entire fleet. This incident was attributed to a software application issue on pilot iPads, indicating a failure introduced during the development or design phase of the system [35193]. (b) The software failure incident related to the operation phase is evident in the same article where American Airlines had to delay multiple flights due to the iPad app crash. The pilots were unable to take off because their iPads powered down unexpectedly, leading to flight disruptions. This failure was a result of the operation or use of the system, as the pilots were directly impacted by the software glitch during their flight operations [35193].
Boundary (Internal/External) within_system (a) The software failure incident involving the American Airlines pilot iPads crashing can be categorized as within_system. The incident was caused by a glitch in the electronic flight bag app used by pilots, which led to multiple flights being delayed [35193]. The issue originated from within the system itself, affecting the functionality of the iPads and disrupting flight operations.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident related to non-human actions occurred when the iPad app used by pilots crashed, affecting multiple flights in the American Airlines fleet [35193]. (b) The software failure incident related to human actions involved a security researcher who was barred from a United Airlines flight after tweeting about attempting to hack the passenger oxygen controls on his flight [35193].
Dimension (Hardware/Software) hardware, software (a) The software failure incident related to hardware: - The incident with American Airlines' iPad app crashing affected multiple flights due to the iPads powering down unexpectedly, which can be attributed to hardware issues with the devices themselves [35193]. (b) The software failure incident related to software: - The main software failure incident in this case was the crash of the iPad app used by pilots, which disrupted multiple flights and required some planes to return to the gate for a Wi-Fi connection to fix the issue. This points to a software problem within the application itself [35193].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the American Airlines iPad app crash can be categorized as non-malicious. The incident was caused by a glitch in the software application used by pilots, leading to the iPads powering down unexpectedly, affecting multiple flights across the airline's fleet [35193]. The issue was not a result of malicious intent but rather a technical failure within the software system.
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident involving American Airlines' iPad app crash can be attributed to poor decisions. The incident was a result of the app crashing, affecting multiple flights and leaving pilots unable to take off. The decision to rely solely on the iPad app as an "electronic flight bag" without a backup plan in case of such failures can be considered a poor decision. This incident highlights the risks associated with depending entirely on technology without adequate contingency measures in place [35193].
Capability (Incompetence/Accidental) accidental (a) The software failure incident related to development incompetence is not explicitly mentioned in the provided articles. (b) The software failure incident related to accidental factors is evident in the article. The incident where the iPad app used by pilots crashed, leading to flight delays and affecting multiple planes in the American Airlines fleet, was an accidental failure. The crash of the app was unexpected and unfamiliar to the pilots, indicating that it was not intentional but rather a result of an accidental software glitch [35193].
Duration temporary (a) The software failure incident related to the American Airlines pilot iPads crashing was temporary. The incident caused delays in multiple flights, with some flights having to return to the gate to access a Wi-Fi connection to fix the issue. An American Airlines spokesperson confirmed the issue with the software application on pilot iPads and mentioned that they were working to have the flights on the way to their destination as soon as possible [35193].
Behaviour crash (a) crash: The software failure incident in Article 35193 involved a crash of the iPad app used by pilots, which led to delays in multiple flights as the pilots were unable to take off due to the app crashing [35193]. (b) omission: There is no specific mention of the software failure incident being related to the system omitting to perform its intended functions at an instance(s) in the provided article. (c) timing: The software failure incident did not involve the system performing its intended functions correctly, but too late or too early. (d) value: The software failure incident did not involve the system performing its intended functions incorrectly. (e) byzantine: The software failure incident did not involve the system behaving erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident in Article 35193 can be categorized as a crash, where the system lost state and did not perform its intended functions, leading to flight delays and inconvenience for passengers [35193].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence delay, non-human (a) death: There is no mention of any deaths resulting from the software failure incident reported in the articles [35193]. (b) harm: There is no mention of physical harm to individuals due to the software failure incident [35193]. (c) basic: There is no mention of people's access to food or shelter being impacted by the software failure incident [35193]. (d) property: The software failure incident did not directly impact people's material goods, money, or data [35193]. (e) delay: The consequence of the software failure incident was primarily related to flight delays, as multiple flights had to be delayed due to the iPad app crash affecting pilots [35193]. (f) non-human: The incident impacted the operation of multiple planes in the American Airlines fleet due to the crash of the iPad app used by pilots [35193]. (g) no_consequence: The software failure incident led to real consequences such as flight delays and operational disruptions [35193]. (h) theoretical_consequence: There were discussions about potential consequences related to in-flight Wi-Fi being used to hack into avionics systems, but this was not directly linked to the software failure incident with the iPad app crash [35193]. (i) other: There were no other consequences mentioned in the articles [35193].
Domain information (a) The failed system was intended to support the production and distribution of information. The cockpit iPads were used as an "electronic flight bag" to replace paper manuals and distribute information such as flight plans throughout the airline's fleet [35193].

Sources

Back to List