Sometimes systems crash. And when they crash, they become headline news. The past few years have seen a sharp increase in the number and severity of software glitches at major companies. These newsworthy software “fails” have a negative impact on customer satisfaction and public reputation. The aftermath of each new failure is frequently projected across the internet, and can follow businesses around for years. The results of a phenomenally simple software error can affect the lives of millions of people in the most negative way. Let’s take a look at some of the top software glitches of 2017 to serve as a reminder of just how important software testing is.
In 2017, bugs banned people from Twitter, secretly recorded them in their homes, and even caused a train crash. What computers do is follow instructions given to them by people. And people have a tendency to write buggy software. When it fails, it can be startling, alarming, irritating, or darkly funny – or, sometimes, all of the above. Let’s recap the year with the top 20 software glitches of 2017.
1.25 million Trucks Reversed
A major software glitch that could cause the airbags and seatbelts in Ram trucks to fail during rollover collisions caused Dodge to recall more than 1.25 million trucks. To prevent the problem from reoccurring, the onboard sensor needs to be reprogrammed.
A Buggy Signal
In a Singapore train station during rush hour, one commuter train rear-ends another, resulting in 29 injuries. An investigation reveals that buggy signaling software left the train that did the rear-ending confused about how many cars the train in front had. And that led it to keep going when it should have come to a halt.
A Troubled year for Apple
First mentioned in an Apple support forum, a bug in Apple’s new High Sierra OS provides access to Macs with the user name “admin” and no password, permitting anyone who gets his or her hands on your computer to get at your files. Within a day of the problem gaining widespread notoriety, Apple rushes out an auto-installing patch and apologizes.
A problem with the autocorrect feature in Apple’s newest mobile operating system causes iPhones to substitute an A and a strange character whenever users type “I,” resulting in widespread typos on Facebook and Twitter. Some users resort to workarounds, while others seem blithely unaware that they’re disseminating gibberish.
Amazon’s Home Alone
In October, Amazon announces Amazon Key, a smart lock that lets its delivery people – or employees of Amazon partners such as housecleaning and dog-walking services – enter your home. To make that idea less scary, their entry is recorded by the new Amazon Cloud Cam. But security researchers soon show how a bad guy with Amazon Key access could use a Wi-Fi vulnerability to freeze the Cloud Cam’s video feed, making it appear as if the door is closed when someone’s opening it. Amazon emphasizes that it’s an unlikely scenario, but releases a patch to alert users when their camera has been shut off.
Better Late than Never
Microsoft releases a patch for a Microsoft Office component called Equation Editor, originally released in November 2000. Security researchers had shown that the software had a vulnerability that could allow someone to seize control of your PC over the internet and run code on it – and that security features built into Windows and Office didn’t eliminate that danger.
Cancellation & Delays | 75,000 passengers impacted
For the sixth time this year, a major IT software failure led to massive cancellations on local flights and significant delays on international flights. It took over three days of cancellation chaos to resolve the problems that plagued British Airways during this outage. The company’s website was down for over two hours and it took many days for British Airways operations to return to absolute normalcy.
Cloudbleed | Random Leakage
In February, the internet infrastructure company Cloudflare announced that a bug in its platform caused random leakage of potentially sensitive customer data. Cloudflare offers performance and security services to about six million customer websites (including heavy hitters like Fitbit and OKCupid), so though the leaks were infrequent and only involved small snippets of data, they drew from an enormous pool of information. Cloudflare patched the bug within hours.
Delayed Patch | Sensitive Breach
In September, credit-monitoring kingpin Equifax’s website was breached by someone who made off with sensitive information on up to 143 million Americans. This epic act of cyber-mendacity was possible only because Equifax failed to install a fix for its Apache web servers, even though it was available for two months prior to the break-in.
In February, a malfunction during a routine upgrade of Suncorp Bank’s core banking platform caused the disappearance of money from customers’ bank accounts. Additional customer complaints included overdrawn and locked out accounts. The wrong balances were a result of the unspecified glitch that occurred.
Gmail & Body Sensors?
A nagging flaw in Google’s Play Services software for Android causes Gmail to demand access to “body sensors” before it will let users send email. The sensors in question relate to fitness apps, and Gmail doesn’t need access to them – which makes its request all the creepier.
Google is Listening 24/7
Android Police’s Artem Russakovskii – one of the members of the media who got an early unit of Google’s pint-sized Google Home Mini smart speaker – discovers that his Mini is recording audio 24/7 and storing it on Google’s servers. It turns out that a glitch with the speaker’s touch panel was to blame; Google reacts by simply disabling the option to talk to the Mini by pressing the touch panel. It eventually brings back some but not all of the features it deleted.
Macron Campaign Hack
Two days before France’s presidential runoff in May, hackers dumped a 9GB trove of leaked emails from the party of left-leaning front-runner Emmanuel Macron. The leak seemed orchestrated to give Macron minimal time and ability to respond, since French presidential candidates are barred from speaking publicly beginning two days before an election. The attack was less strategic and explosive than the WikiLeaks releases of pilfered DNC emails that dogged Hillary Clinton’s presidential campaign in the US, but Macron also had the advantage of observing what had happened in the US and preparing for potential assaults.
Millions of Voter Records Exposed
Unfortunately, it’s not uncommon to hear that a trove of voter data was breached or exposed somewhere in the world. But in June, researcher Chris Vickery announced a discovery that would give even the most jaded security expert pause. He had discovered a publicly accessible database that contained personal information for 198 million US voters – possibly every American voter going back more than 10 years. The conservative data firm Deep Root Analytics hosted the database on an Amazon S3 server. The group had misconfigured it, though, such that some data on the server was protected, but more than a terabyte of voter information was publicly accessible to anyone on the web. Misconfiguration isn’t a malicious hack in itself, but it is a critical and all-too-common cybersecurity risk for both institutions and individuals.
Personal Data Breach
The state of Michigan’s buggy software saga continues into 2017. In 2016, officials discovered that the state’s automated unemployment benefit application system had been inaccurately flagging applicants for fraud for two years. Over 20,000 people had been falsely accused, fined, and denied benefits. In early February, officials revealed that the same buggy system had been exposing the names and private Social Security numbers of 1.9 million individuals for the past four months. A fix was reportedly applied the same day that the breach was discovered.
Petya / NotPetya / Nyetya / Goldeneye
A month or so after WannaCry, another wave of ransomware infections that partially leveraged Shadow Brokers Windows exploits hit targets worldwide. This malware, called Petya, NotPetya and a few other names, was more advanced than WannaCry in many ways, but still had some flaws, like an ineffective and inefficient payment system. Though it infected networks in multiple countries (like the US pharmaceutical company Merck, Danish shipping company Maersk, and Russian oil giant Rosneft), researchers suspect that the ransomware actually masked a targeted cyberattack against Ukraine. The ransomware hit Ukrainian infrastructure particularly hard, disrupting utilities like power companies, airports, public transit, and the central bank.
Shadow Brokers Hack
This April marked the mysterious hacking group Shadow Brokers’ most impactful release yet. It included a trove of particularly significant alleged NSA tools, including a Windows exploit known as EternalBlue, which hackers have since used to infect targets in two high-profile ransomware attacks. If these tools get out, they potentially endanger billions of software users.
The Unsecure Security patch
Two weeks were needed for the faulty electronic medical records system of Cairns Hospital (Australia) to recover. The security patches installed to counter a cyber-attack on the statewide network left the hospital users unable to log on or off the system. The loss of clinical notes, long delays in retrieving patient information and ambulance ramping are a few results of this error.
Unlimited Node Crash
Bitcoin suffered from two software failures in the same month back in March. The most serious glitch was linked to a software bug that caused over 100 ‘Bitcoin Unlimited’ nodes (nearly 70%) to disappear from the network completely. The developers had to release a patch for the bug and keep the changes private to avoid a repeat of the node drop-off.
WannaCry | A ransomware attack
On May 12 a strain of ransomware called WannaCry spread around the world, walloping hundreds of thousands of targets, including public utilities and large corporations. Notably, the ransomware temporarily crippled National Health Service hospitals and facilities in the United Kingdom, hobbling emergency rooms, delaying vital medical procedures, and creating chaos for many British patients. Though powerful, the ransomware also had significant flaws, including a mechanism that security experts effectively used as a kill switch to render the malware inert and stem its spread.
WikiLeaks CIA Vault 7
In March, WikiLeaks published a data trove containing 8,761 documents allegedly stolen from the CIA that contained extensive documentation of alleged spying operations and hacking tools. Revelations included iOS and Android vulnerabilities, bugs in Windows, and the ability to turn some smart TVs into listening devices. WikiLeaks called the dump “Vault 7,” and the organization has followed the initial release with frequent, smaller disclosures.
Other Insignificant Errors
Twitter users notice that searching for terms such as #gay and #bisexual doesn’t find any results. The company apologizes, explaining that a bug relating to the algorithm it uses to flag adult content had mistakenly hidden all tweets relating to some terms regardless of the nature of their usage.
Some users of Google’s Google Home Mini report that turning the pint-sized speaker up to maximum volume crashes it.
Security researcher Pouya Darabi discovers that Facebook’s new polling feature can be gamed to delete other photos on the social network – including private ones – via their unique identifiers. Facebook gives him $10,000 for bringing the vulnerability to its attention.
It’s not often you hear of a software bug resulting in divorce, but we are living in exceptional times. A common Uber app bug revealed a man’s affair to his wife, leading to a divorce and a lawsuit landing in Uber’s lap. The bug causes Uber notifications to be pushed to a device even after you log out of your account on that device. In this case, the “cheating Frenchman”, who had once called an Uber from his wife’s phone, was exposed when she received notifications of him using Uber to visit his mistress.
Top Software Glitches of 2017 | That could have been avoided
It’s easy to shrug and assume that these top software glitches of 2017 are simply a cost of doing business in an always-on, connected world. Fortunately, this isn’t true. In fact, one of the primary reasons companies are embracing test automation is that it allows them to find defects before they enter production. With continuous integration becoming standard practice, there are more updates and upgrades happening in today’s technology landscape than ever before. But that doesn’t mean these frequent changes should put your business at risk. It is possible for businesses to deploy change while ensuring that every business process works and every application runs as it should.
Avoid negative press attention, angry customers, and frustrated employees by embracing continuous automated testing, i.e. no human intervention required to conduct critical testing on a regular basis. This is especially important given the increasing prevalence of Agile and DevOps methodologies. This gives teams the control to schedule and run end-to-end tests in parallel and at scale. Running tests in parallel allows companies to scale their regression testing of every process, every day. The value of ensuring uninterrupted business execution is enormous. Technology glitches create PR nightmares – as you can see from the list above. Automated business process testing can safeguard businesses against software-related disruptions and failures, and keep your business off lists of top glitches in the years to come.