top of page
Search

Did somebody hack the software in these Airbus planes that were recently grounded?

  • Writer: 17GEN4
    17GEN4
  • Dec 2, 2025
  • 5 min read

Updated: Dec 20, 2025



No. However, no system is un-hackable


No, the recent grounding of thousands of Airbus A320-family planes was not caused by a hack. 


It stemmed from a software vulnerability exposed by intense solar radiation (like X-class solar flares), which can cause "bit flips" in flight control computers, corrupting critical data and potentially leading to uncommanded maneuvers. This issue came to light after a JetBlue A320 flight from Cancun to Newark on October 30, 2025, experienced a sudden nose-dive at 35,000 feet, injuring at least 15 passengers and forcing an emergency landing in Tampa, Florida. The National Transportation Safety Board investigation linked it to solar-induced data corruption in the Elevator Aileron Computer (ELAC), though the autopilot corrected the trajectory.


Airbus identified the flaw on November 28, 2025, issuing an urgent alert to operators and prompting the European Union Aviation Safety Agency (EASA) and U.S. Federal Aviation Administration (FAA) to mandate immediate fixes before further passenger flights. About 6,000 aircraft—nearly half the global A320 fleet—were affected, leading to widespread groundings, flight cancellations, and delays during the busy holiday travel period. Airlines like IndiGo (over 200 planes in India), American Airlines (209 jets), Delta, Air France, ANA Holdings, and Avianca faced major disruptions, with some suspending sales or canceling hundreds of flights.


The fix involves reverting ELAC software to an earlier stable version (L103) for most planes, taking about 2-3 hours per aircraft, or hardware replacement for around 1,000 older models, which could take weeks. By December 1, 2025, Airbus reported that over 5,900 planes had been updated, with fewer than 100 still grounded. Operations largely resumed by December 2, though some carriers like Avianca anticipated lingering issues into mid-December.


This isn't a cybersecurity breach but a known risk in aviation electronics: cosmic rays and solar particles can flip bits in memory at high altitudes, where shielding is limited. Similar "bit flip" incidents have occurred before, like a 2008 Qantas A330 plunge. Airbus tested scenarios and ruled out other causes, including deliberate interference. On X (formerly Twitter), discussions framed it as "solar warfare" or a "cosmic hack" metaphorically, but no credible reports suggest actual hacking. A separate quality issue with fuselage panels on some A320s emerged on December 2, but it's unrelated to the software grounding.


So it is just like a little glitch?


No, it’s not just a “little glitch” in the casual sense.


What happened is a very serious single-point software vulnerability that, under rare but real conditions (strong solar radiation at high altitude), can corrupt critical flight-control data and cause the plane to suddenly pitch nose-down without pilot input.


Here’s why it’s a big deal, even if it sounds like “just a glitch”:

  • On the JetBlue flight, the plane dropped 5,000 feet in 20 seconds and pulled +3.2g / –1.8g. That’s violent enough to throw unrestrained passengers into the ceiling and injure 15 people.

  • The flaw existed in the current ELAC software version (L104 and later) on ~6,000 aircraft worldwide — basically half of all A320-family jets flying today.

  • In the worst-case scenario, if the solar radiation event had been stronger or lasted longer, the autopilot might not have corrected in time, and the crew might not have recovered manually. That’s why regulators grounded the planes immediately instead of waiting.

  • It only takes one flipped bit in the wrong memory location to trigger the problem — something that cosmic rays/solar particles do occasionally at 35,000 ft.


So yes, it was caused by a single-bit corruption (“a glitch” at the hardware level), but the consequence was potentially catastrophic, which is why thousands of planes were pulled from service within hours and the fix was treated as an emergency airworthiness directive.


In short: tiny trigger, massive potential impact. That’s why it made global headlines and disrupted travel for millions of people.


Who designed the software?


The ELAC software for the Airbus A320-family aircraft was developed by Airbus itself, in collaboration with Thales, which manufactures the underlying hardware.


Here's the breakdown based on the specifics of the recent incident:


  • Airbus's Role: Airbus designs and produces the software for the Elevator Aileron Computer (ELAC), including the versions L103 and L104 at the center of the solar radiation vulnerability. They issued the Alert Operators Transmission (AOT) on November 28, 2025, mandating a revert to the stable L103 version for most affected planes. Airbus's avionics division has historically handled flight control software for the A320's fly-by-wire system, as confirmed in their technical assessments and service bulletins.


  • Thales's Role: As the hardware supplier for the ELAC units (along with other flight control computers like SEC and FAC), Thales builds the physical computers to Airbus's specifications. However, Thales has explicitly stated that the vulnerable software functionality falls outside their responsibility—it's Airbus's domain. Thales pioneered much of the A320's fly-by-wire tech in the 1980s but focuses on hardware integration and certification support.


This division of labor is standard in aviation: OEMs like Airbus own the high-level software logic for flight envelope protection and control laws, while suppliers like Thales provide the ruggedized computing platforms. The fix—reverting to L103—took Airbus just days to roll out globally, highlighting their direct control over the software updates. No third-party vendors (e.g., Honeywell, which handles flight management systems) are involved in the ELAC software.


So after the software is upgraded, the system won't be hacked anymore?


No, the software update doesn't directly address hacking risks because the original issue wasn't a hacking vulnerability—it was a flaw in how the system handled natural data corruption from intense solar radiation (like solar flares causing "bit flips" in memory). That said, the fix does make the system more robust against certain types of unexpected data changes, which could indirectly help against some theoretical hacks, but it's not a cybersecurity patch.Quick Breakdown:

  • The Problem (Pre-Update): The newer ELAC software (version L104) had a specific logic path that didn't fully validate or correct corrupted data. If solar particles flipped a single bit in critical flight control memory, it could lead to an uncommanded nose-down pitch. This was a rare, environmental trigger—not a deliberate exploit.

  • The Fix (Revert to L103): Airbus rolled back to an earlier, stable version (L103) that better guards against such corrupted inputs through improved error-checking and redundancy. This eliminates the solar radiation risk entirely, as confirmed by Airbus and regulators like EASA and the FAA. Over 5,900 of the ~6,000 affected planes were updated by December 1, 2025, restoring full operations.

  • Hacking Angle:

    • Not the Issue Here: Aviation systems like the A320's fly-by-wire are air-gapped (no internet connectivity) and use triple-redundant, certified hardware/software with strict access controls. No reports link this incident to cyber threats—it's purely a physics-based glitch from cosmic rays.

    • Indirect Benefits: The enhanced error detection in L103 could catch and ignore tampered data if a hacker somehow injected bad inputs (e.g., via a supply-chain attack). But true hacks would need physical access or insider threats, which the update doesn't target.

    • Ongoing Protections: Airbus routinely audits for cyber risks separately (e.g., via EASA's cybersecurity mandates). If a real hacking vector emerged, it'd trigger a different kind of directive—not this solar-specific one.


In essence, your planes are safer overall post-update, but "un-hackable" is a myth in any complex system—it's about layered defenses. If you're worried about cyber stuff in aviation, that's more about things like ground-based IT breaches than flight controls. 17GEN4.com



 
 
 

Comments

bottom of page