Airbus A330-303 (Qantas Flight 72) Incident
In October 2008, Qantas Flight 72 (Airbus A330-303) was cruising at 37,000 feet on autopilot en route from Singapore to Perth, Western Australia. Suddenly, the aircraft’s inertial reference system (IRS)-which monitors pitch, roll, and yaw-began outputting erroneous data.
As a result, the flight-control computer mistakenly believed the aircraft was entering a stall and, in response to incorrect angle-of-attack (AOA) values, automatically commanded a nose-down maneuver.
This sudden, uncommanded pitch change injured more than one-third of the passengers and over three-quarters of the crew.
Although this specific failure mode had occurred only three times in more than 128 million flight hours, it still fell within the manufacturer’s allowable fault rate. The algorithm was later redesigned to prevent recurrence.
The soft-error rate of the responsible unit was estimated as 3 / 0.128 = 23.44 FIT. However, at a cruising altitude of 37,000 feet, the actual soft-error rate for unprotected memory can be several thousand times higher-meaning such an estimate would severely understate real-world conditions.
Had a more accurate soft-error model been applied, additional countermeasures might have been implemented.
Damage from Qantas Flight 72
Source: Bureau, Australian Transport Safety. “In-Flight Upset - 154 km West of Learmonth, WA, 7 October 2008, VH-QPA, Airbus A330-303; 2011.” Page 169
Sudden Acceleration in Automobiles
Sudden-acceleration incidents involving a well-known “T” brand automobile resulted in numerous injuries and property damage. In response, NASA’s Jet Propulsion Laboratory (JPL) conducted a detailed investigation.
Sudden Acceleration in ‘T’ Brand Vehicles
Image Source: NASA
Between 2010 and 2011, JPL examined whether soft errors could have contributed to unintended acceleration-asking, “Can cosmic rays cause sudden unintended acceleration in cars?”
Ultimately, the case was attributed to a single-bit upset (SBU) in analyses by Carnegie Mellon University, supported by both analytical and experimental data.
The final report emphasized that although error-correcting code (ECC) was applied to the memory modules in question, it did not protect the system from all radiation-induced faults-highlighting a critical gap in system-level fault tolerance.