Software failures

Software Fail Watch, Q1 2017: Defects Impact Divorces, the Deceased & the Dark Web

The most obvious conclusion drawn from the Q1 installment of the 2017 Software Fail Watch is that software bugs never sleep. While the rest of the world struggled through their New Year’s hangovers, software bugs wasted no time making their mark on the new year.

The tally of software fails collected from Q1 are on par with 2016’s numbers (111 in 2017 vs. 116 in 2016). However, the difference lies in the sheer dramatic impact of the fails.

In 2015 and 2016, many of the most sensational or notable stories clustered around Q2 and Q3, following the average rise of consumer purchasing trends throughout the year. Simply put: people don’t tend to spend as much money in the new year, effectively lessening the impact of a Retail, Transportation, or Entertainment software fail during those months.

2017 has proven to be an exception. Here’s a short list of big stories we have seen in the last three months alone:

…And we’re just getting started. There’s another 51 stories on that list, and that’s not even including some of the more dramatic stories that were conveniently buried under piles of US political coverage.

Volume-wise, Government is in the lead with 32 software fails. No surprises there. Once again however, their bugs are unusually sensational, such as India’s attempt to inform deceased persons that they need to repatriate their own bodies. The unexpected up-and-comer in the list is the Services industry, covering everything from electricity and internet providers to service apps like Uber and Tinder. From January to March we saw an unusually high 25 software bugs, including 50% of the most damaging bugs from Q1.

Now without any further delay, let’s look at some of the stories that caught our attention in Q1:

“St. Jude Medical Patches Cardiac Implants After Discovering How Easily They Can Be Hacked”

In early January, the US Food and Drug Administration revealed vulnerabilities in St. Jude Medical brand pacemakers and defibrillators. According to the FDA’s findings, the cardiac implants can be remotely accessed and reprogrammed to drain the battery, interrupt pacing, or shock the patient. St. Jude Medical responded by pushing out a software patch, which will hopefully be an effective solution given that a full recall would be a bit…invasive.  Source. 

“Frenchman Sues Uber Over a Software Bug”

It’s not often you hear of a software bug resulting in divorce, but we are living in exceptional times. A common Uber app bug revealed a man’s affair to his wife, leading to a divorce and a lawsuit landing in Uber’s lap. The bug causes Uber notifications to be pushed to a device, even after logging out of your account on that device. In this case, the “cheating Frenchman”, who had once called an Uber from his wife’s phone, was exposed when she received notifications of using Uber to visit his mistress. The angry ex-husband is now suing Uber for up to $45 million in damages. Source.

“Software Bug Leads to a Leak on the Dark Web Market, AlphaBay”

AlphaBay, the largest marketplace on the dark web (trading in illicit drugs, stolen data, etc.), experienced a bug that resulted in the exposure of 218,000 private messages. Given the nature of the dark web and marketplaces like AlphaBay, privacy and anonymity is clearly a desired trait amongst users. The leaked messages revealed everything from vendor and customer names and mailing addresses, to parcel tracking numbers and invoices for all kinds of illegal activity. According to the Reddit user who shared the story, AlphaBay had received and ignored three tickets regarding the bug prior to the leak. As opposed to most data leaks, this particular incident may prove to be a prize for law enforcement officers looking to take down dark web markets. Source.

“Train Speed Error Sends Four People to the Hospital”

A software bug caused an inter-terminal train at the Denver International Airport to speed up unexpectedly, then abruptly slow, causing injury to dozens of passengers and sending four to the hospital. The National Transportation Board, who evaluated the incident, found that a software glitch allowed an incorrect speed code to be sent to the train, causing the train to accelerate past normal speeds. Paramedics responded to the incident and treated more than half of the 47 passengers. The company contracted to run the airport trains, Bombardier, has since adjusted the software containing the coding error. Source.

“Glitch Reveals Personal Data of 1.9 Million Michigan Residents”

The state of Michigan’s buggy software saga continues into 2017. In 2016, officials discovered that the state’s automated unemployment benefit application system had been inaccurately flagging applicants for fraud for two years. Over 20,000 people had been falsely accused, fined, and denied benefits. In early February, officials revealed that the same buggy system had been exposing the names and private Social Security numbers of 1.9 million individuals for the past four months. A fix was reportedly applied the same day that the breach was discovered. However, it remains to be seen if Michigan is better off without this software system entirely. Source.

More on Software Failures:

Software Fail Watch: 2016 in Review
Software Fail Watch 2016, Quarter Three
Software Fail Watch 2016, Quarter Two
Software Fail Watch 2016, Quarter One
Software Fail Watch: 2015 in Review
Software Failures of 2015: Quarter Three
Software Failures of 2015: Quarter Two
Software Failures of 2015: Quarter One


Check out our Tricentis Tosca factsheet today to see how you can make sure you never experience a newsworthy software failure.