Space imposes the highest demands on the reliability of any technology. The smallest inaccuracy in calculations, a structural defect, or a malfunction of even a minor component can lead to catastrophes and multimillion-dollar losses.
However, accidents in space do not only occur due to “hardware” problems. Another quite common cause of failures is errors in software. For developers, such incidents are much more frustrating than technical defects. After all, if design flaws cannot be corrected after launch, it’s not the same for software, and accidents related to it are explained by simple carelessness and the desire to save time on additional checks.
In this article, we will discuss seven of the most famous space accidents caused by computer bugs. They include cases that occurred in the early days of the space era, as well as recent incidents.
The Missed Hyphen of Mariner 1
In July 1962, the United States was still lagging significantly behind the USSR in the space race and was making every effort to rectify the situation. Great hopes were placed on Mariner 1. It was supposed to become the first spacecraft in history to fly by Venus. However, it didn’t even manage to leave Earth’s atmosphere. Initially, due to a radio beacon malfunction, the Atlas rocket’s antenna lost communication with the ground control system. As a result, the onboard computer took control. The engines received a series of erroneous commands, causing the spacecraft to deviate from its course, and eventually it had to be destroyed for safety reasons.
During the incident analysis, it was revealed that everything happened because of a single missed hyphen in the control program. The press dubbed it the “most expensive hyphen in history” (the cost of the lost spacecraft was $18.5 million, which, accounting for inflation, is equivalent to approximately $160 million today). To be precise, it wasn’t even a hyphen, but a missed hyphen over a symbol.
In any case, the loss of Mariner 1 vividly demonstrated how much in space depends on the correct functioning of software. It’s worth noting that the subsequent Mariner 2 spacecraft successfully reached Venus and sent back long-awaited scientific data.
Phobos-1 and the “B” Letter
The Soviet Union never had much luck with Mars: none of its missions to the Red Planet in the 1960s and 1970s managed to accomplish all the set tasks. In the late 1980s, the USSR made a new and, as later became clear, its last attempt to achieve success by betting on a pair of Phobos probes, which had an identical design and were the largest spacecraft sent into interplanetary space at that time. They were supposed to carry out an ambitious program of studying Mars and its largest moon.
However, less than two months after the launch, the Flight Control Center (FCC) lost contact with the Phobos-1 spacecraft. Attempts to restore communication were in vain. During the investigation, it was found that, as in the case of Mariner 1, everything happened because of a missing character — this time, the letter “B.”
The matter is that the command system for ground terminals that controlled the Phobos probes was based on an octal system, while when writing programs for the onboard computers of spacecraft, certain parameters had to be recorded in the familiar decimal format. To avoid confusion, the FCC programmers used the letter “B” to denote octal numbers. On August 28, 1988, one of the engineers sent a command to the probe to activate the gamma spectrometer. However, due to the missing letter “B,” the onboard computer interpreted it as a command to deactivate the orientation system. As a result, the automatic scout turned its solar panels away from the Sun, and its batteries quickly discharged. Further attempts to remedy the situation were unsuccessful.
As for Phobos-2, it did manage to reach the Red Planet and even complete the first stage of the scientific program. However, due to a series of failures and malfunctions of various components, the FCC lost contact with it as well.
The Most Expensive Bug in History
The year 1996 was highly significant for ESA (European Space Agency). The agency was preparing to unveil the world a new heavy rocket, the Ariane 5, which was intended to propel Europe to a leading position in the launch services market. On June 4, the launcher detached from the launch pad and soared into the sky. The first 36 seconds of the flight proceeded smoothly. Then, the rocket suddenly deviated from its intended trajectory and exploded before the stunned controllers’ eyes.
The loss of the launcher dealt a severe blow to ESA’s reputation. An independent commission was formed to investigate the causes of the catastrophe. It quickly concluded that the incident was caused by software errors. The issue was that the new rocket was using the software of its predecessor, which hadn’t been modified, while their flight profiles differed significantly.
The investigation found that shortly after liftoff, the software module attempted to calculate a certain parameter based on the rocket’s horizontal velocity. This value turned out to be much larger than the nominal value set for the Ariane 4. When converting the 64-bit floating-point number describing the horizontal velocity to a 16-bit integer representation, an arithmetic overflow occurred. This caused the onboard computer to issue an erroneous command to the rocket engines, sending it on an unplanned trajectory, leading to its destruction.
The loss of Ariane 5 is still considered one of the most expensive computer errors of all time. The total cost of damages amounted to about $500 million. After the investigation’s results were published, ESA abandoned the practice of reusing software and made numerous changes to its diagnostic procedures. The next launcher launch took place in the fall of 1997 and was also plagued by problems, this time related to the engines. The first successful mission of the new rocket occurred only in 1998.
The Victim of the British Measurement System
The year 1999 was supposed to be Mars-focused for NASA. In September, the Mars Climate Orbiter (MCO) was set to enter an areocentric orbit. Its tasks included climate research and relaying signals from the Mars Polar Lander, which was planned to land in the same year.
On September 23, the MCO initiated a maneuver intended to place it in an intermediate areocentric orbit. Soon, it became clear that something had gone wrong. Communication with the spacecraft was lost earlier than planned, and it couldn’t be restored.
Subsequent data analysis showed that the spacecraft’s flight trajectory did not match the planned one. It came within only 57 km of the planet’s surface and apparently burned up in its atmosphere. But what caused this gross error? The answer shocked both mission experts and the general public. It turned out that the reason was a discrepancy between two measurement systems. The software of ground computers used the British unit of force (pound-force), while the MCO’s onboard computer used newtons. This inconsistency caused the spacecraft to deviate from its intended course.
A similar failure befell the Mars Polar Lander. Upon entering the Martian atmosphere, it fell silent forever. According to experts, this too could have been due to a software error. One version suggests that when the lander released its landing gear, vibrations occurred in its structure, which the onboard computer interpreted as a surface impact. As a result, the probe prematurely turned off its engine and crashed. Interestingly, the programmers were informed of this possibility but didn’t make any changes to the software that could have prevented such a situation.
Loss of the Hitomi Telescope
February 17, 2016, appeared to be a triumphant day for the Japan Aerospace Exploration Agency (JAXA). The organization successfully placed the Hitomi telescope in low Earth orbit — the largest and most complex scientific instrument in Japan’s history. It was expected to usher in a new era of X-ray astronomy for the country. However, this did not come to pass. The spacecraft was destroyed 37 days after launch.
Initially, experts speculated that the telescope had collided with a micrometeorite or a fragment of space debris. However, it was later discovered that the situation was far more complex. Problems began with the installation of a software update, which contained incorrect data about the equipment’s configuration. After Hitomi executed a planned maneuver, the stabilization system incorrectly calculated that it had started rotating around its axis and attempted to “correct” this situation. The attempt to stop the nonexistent rotation resulted in the spacecraft spinning, losing its orientation, and entering a safe mode.
Next, Hitomi tried to rectify its position by reorienting itself toward the Sun using its main engines. This decision turned out to be fatal. Due to incorrect software behavior, the telescope started spinning even faster. As a result, centrifugal forces tore off all loosely attached and protruding elements, including its solar panels. Afterward, the new instrument worth $285 million could not be salvaged.
Failed Schiaparelli Demonstration
Among Mars explorers not only “Phobos-1”, Mars Climate Orbiter, and Mars Polar Lander met their demise due to software errors. In October 2016, a demonstration module named Schiaparelli joined them.
This spacecraft was part of the Trace Gas Orbiter (TGO) mission. Its primary tasks included testing entry technologies into the atmosphere and demonstrating the capability for a soft landing on the Martian surface. While the module successfully completed the first part of the program, it encountered issues with the second part. Fifty seconds before the expected landing, the Flight Control Center lost the signal, and a few days later, the American MRO spacecraft photographed the crater left by Schiaparelli’s impact.
Investigations revealed that after deploying its braking parachute, the landing module began rotating rapidly. This caused its inertial measurement unit (IMU) reached the limit of its measurement capabilities and unable to display the real velocity. Due to the incorrect data input, the onboard computer mistakenly concluded that Schiaparelli had already descended below the Martian surface level. Consequently, it prematurely deployed the parachute and briefly turned on and then off the landing engines. At that moment, Schiaparelli was at an altitude of 3.7 km, from where it fell to the surface at a speed of about 540 m/s.
All of the events described above could have been avoided if the module’s software had included a procedure to check for such obvious errors. Moreover, the situation of IMU overloading could have easily been detected during additional checks. However, for unknown reasons, the mission’s programmers failed to conduct these checks, leading to the loss of Schiaparelli.
The “Chain Reaction” at the Israeli Lunar Probe
In 2019, the Beresheet probe made history as the first privately funded spacecraft to reach the Moon. It successfully executed most of its tasks—launching, maneuvering, and reaching a selenocentric orbit. Unfortunately, due to a software glitch, it failed to complete its final goal: making a soft landing on the lunar surface.
In the initial moments of descent, there were no signs of trouble. However, at an altitude of 14 km above the lunar surface, the IMU block experienced a malfunction. The situation itself was not critical as the spacecraft had backup measurement systems. An operator sent a command to the probe to rectify the situation.
However, in practice, things did not go as expected. Due to software errors, the command triggered a chain reaction of failures, ultimately leading to the shutdown of the landing engine. In this situation, the only option was to reboot the onboard computer.
This action indeed helped, and experts managed to reactivate the engine. Unfortunately, it was already too late. At the moment of reactivation, Beresheet was only 149 m above the surface, descending at a speed of about 135 m/s. There was simply not enough time for it to decelerate. As a result, it crashed into the lunar surface, joining the list of spacecraft that met their demise due to programmer errors.
