by Anastasia Kizilo | April 28, 2021 11:51 am
This month brought many memorable and impactful software bugs-related news. In April, the world discussed dangerous security bugs, problems with aviation software, a high-profile bug-related court case, and issues with electric folding bicycles.
Read our April Bugs Digest further to learn all the details.
Codecov, an IT company providing code coverage tools for more than 29,000 customers, including such business giants as IBM, Hewlett Packard, Procter & Gamble, Atlassian, The Washington Post, and GoDaddy, has revealed a serious security breach this month.
Hackers exploited a bug in Codecov’s process of Docker image creation to get access to the Bash Uploader script and change it. This allowed them to be able to export users’ information.
Codecov has fixed the problem and informed the public about the situation. But the real damage this breach caused is yet to be discovered. It was revealed that the hackers had gotten access to the code since January 31. But Codecov found out the problem only at the beginning of April thanks to an alert by one of the vigilant customers.
This situation proves that even the most prominent IT companies can become victims of attacks exploiting security vulnerabilities. So the role of regular and thorough security testing cannot be underestimated in the modern world.
9 severe security bugs related to Domain Name System (DNS) implementation and collectively named NAME:WRECK were discovered in 4 popular Transmission Control Protocol/Internet Protocol (TCP/IP) stacks in April.
The 4 affected software stacks ― NetX, IPnet, Nucleus NET, and FreeBSD ― are widely used in smartphones, the Internet of Things (IoT) technologies, healthcare, and navigation systems for aviation among others. Researchers from Forescout and JSOF Research who discovered NAME:WRECK argue that the bugs affect no less than 100 million devices.
Exploiting these security vulnerabilities allows Remote Code Execution (RCE), DNS cache poisoning, and Denial of Service (DoS) attacks. Some patches to fix the bugs are already available.
This huge news about security bugs once again reminds us about the absolute importance of security testing and QA.
On April 21, the Consumer Product Safety Commission of the United States recalled Brompton folding electric bicycles (e-bicycles that users can fold to carry and store easier) because of a software bug, which can potentially cause injuries.
The bicycles’ software has the functionality of pedal assistance that engages the motor and moves a Brompton bicycle forward with less effort when users are actively pedaling it. The software bug that caused the recall made it so the bicycle was propelled forward by the motor even when the rider stopped pedaling. This defect could potentially lead to falls and injuries.
All the owners of Brompton folding electric bicycles were asked to stop using the vehicles until they get a software update that fixes the bug.
The situation with Brompton folding electric bicycles emphasizes the necessity of proper software testing of product’s functionality before the release.
On April 5, people could not book flights on the booking websites of Delta Airlines, United Airlines, and American Airlines because of an issue with the software provided by Google.
All 3 airlines and also Google Flights use Google ITA Matrix. This software allows to manage flights, which is particularly important in reservations systems. On Monday, Google ITA Matrix crashed because of a software bug, and the airlines lost the ability to display correct data about flights.
The issue was resolved in about 2 hours. Google and all the affected airlines apologized for the inconvenience and trouble they caused to the customers.
This situation proves that no software, even if it is developed and tested by the best professionals in the field, can be completely safe from bugs. So there is no such thing as too much Quality Assurance.
The check-in software used by TUI airline automatically identified all passengers registered as “Miss” as children. Because of it, the system confused many women with children and assigned them a child’s weight (35 kg or 77 lbs) instead of an adult’s weight (69 kg or 152 lbs).
This software bug led to potentially extremely dangerous flight load miscalculations. Incorrectly assigned weight could cause excessive load on the plane, which is a known cause for several air crashes in the past. Thankfully, this time the compromised flights ended successfully.
While this check-in confusion happened earlier last year, it only became news this April when the issue was described in the UK Air Accidents Investigation Branch report. The document explains the problem through cultural differences. In the country where the software was developed, the title “Miss” is used for little girls and “Ms” for adult women.
This situation is one of the best examples of how essential localization testing can sometimes be. In this case, cultural and regional differences in the usage of titles conveyed in the software could potentially cost hundreds of human lives.
On April 23, the UK Court of Appeal cleared 39 former postal workers from their convictions for false accounting, theft, and fraud, judging that all the financial discrepancies were actually caused by the bugs in the Horizon software used by the Post Office.
The convictions of British post office workers based only on the data from the Horizon software provided by Fujitsu are already called “one of the biggest miscarriages of justice in British legal history” (The Guardian). In 2000-2014 while the Horizon software was used by the Post Office of Great Britain, approximately 900 postal workers were prosecuted and convicted for the loss of huge sums of money. Now, it is proved that the money was not taken. The multiple bugs in the Horizon software just made it incorrectly calculate and display financial data.
The wrongful convictions had a tremendously damaging effect on the lives of former post office workers. Some served their time in prison, some were separated from their families, some suffered financial losses and their careers being ruined, some committed suicide. Currently, more 2000-2014 convictions of postal workers are being investigated and reassessed.
This high-profile case is an important reminder that software bugs are a very serious matter. Sometimes, they can ruin lives, and it is not an exaggeration. So high software quality should really be the top priority. And proper, thorough software testing should always be conducted.
We wish you successful testing and detecting all the serious bugs in advance.
Source URL: https://blog.qatestlab.com/2021/04/28/software-bugs-monthly-digest-%e2%80%95-april-2021/
Copyright ©2021 QATestLab Blog unless otherwise noted.