Garmin outage possibly because of ransomware attack

[spartaman64]

Quote

Garmin fitness devices have been left disconnected for nearly a day after the company suffered a major outage, possibly caused by a ransomware attack. The outage first reported by Garmin over 20 hours ago, as of this writing, affects Garmin wearables and apps, as well as Garmin call centers.

Quote

Garmin Connect is the service that allows owners of Garmin devices like Forerunner smartwatches to obsessively track their running performance, for example. ZDNET reports that flyGarmin, the navigation service that supports Garmin’s aviation devices, has also been down affecting some pilots.

According to ZDNET, Garmin was forced to shut down a number of crucial services after a ransomware attack locked some of the company’s production systems on its internal network. Although the company hasn’t confirmed the attack, ZDNET notes that a number of employees on Twitter and in interviews, claim the attack used a strain of ransomware called WastedLocker.

source: https://www.theverge.com/2020/7/24/21336881/garmin-ransomware-attack-outage-cause

 

Well at least it seems to be only their wearables it would be much more serious if their gps systems went down and leave people stranded. I hope they had backups rather than paying the ransom.

[mcbaes72]

Same here, a tech company like Garmin should've had better security in place.  At least tell their employees stop clicking on links in suspicious emails or however way the ransomware took over.  The wearables doesn't sound serious, but affecting their call centers would be a major issue.

 

BTW, has that website improved its credibility?  After their build-a-PC fail video, wasn't sure if their articles are worth reading or if they're still considered a laughing stock.

[Bombastinator]

Garmin is old.  They’ve been doing electronics for a long time and some part of their network is going to be weak.  I watched a “five levels of explanation” video on cyber attacks recently done by a guy who does intrusion work for a security firm.  He related an instance where they got into the system through an old meat scale. 
 

Behooves older companies to do really in depth systems analysis and harden and possibly replace older systems that may no longer be up to snuff.

[StDragon]

Trojan = a dropped brightly colored USB flash drive in the parking lot of a large company. All it takes is for a single moron to plug it into the computer and for that person to run a script or executable.

 

The possiblities for 0wning a company are near endless. What it comes down to is the human element. It's why basic cyber security training should be mandatory for any company that's on-boarding a new employee. Also continual testing and observation is necessary. KnowBe4 is one such service.

 

 

[sora.sky]

Garmin is used heavily in aviation from portable GPSs to integrated glass cockpits in all kinds of planes from light single engine to short range business jets. 

These embedded machines provide information on everything from navigation to engine information and autopilot.

They're also updatable via the internet with the pilot downloading the data off the internet and writing to SD cards. 

Its sort of concerning if someone were to ever attack Garmin's GPS and aviation suites.

[Spotty]

10 hours ago, spartaman64 said:

Well at least it seems to be only their wearables it would be much more serious if their gps systems went down and leave people stranded.

Aren't they mostly stored offline maps that just use GPS data? They shouldn't need to communicate back to Garmin unless they're updating the map packs. Though maybe some have live updates for road works/congestion/etc?

 

But what I'm actually curious about is how does someone end up "stranded" if their Garmin GPS fails? 

Smart phones would still work and you'd be able to use Google maps/maps.

Even without a phone you would just need to follow the road signs or worst case stop and ask someone for directions.

 

GPS navigation systems are great and they do make it easier to navigate cities you're not familiar with, I've used my phone for GPS many times, but you can live without it and you're not going to end up stranded on the side of the road.

[spartaman64]

6 minutes ago, Spotty said:

Aren't they mostly stored offline maps that just use GPS data? They shouldn't need to communicate back to Garmin unless they're updating the map packs. Though maybe some have live updates for road works/congestion/etc?

 

But what I'm actually curious about is how does someone end up "stranded" if their Garmin GPS fails? 

Smart phones would still work and you'd be able to use Google maps/maps.

Even without a phone you would just need to follow the road signs or worst case stop and ask someone for directions.

 

GPS navigation systems are great and they do make it easier to navigate cities you're not familiar with, I've used my phone for GPS many times, but you can live without it and you're not going to end up stranded on the side of the road.

i mean why would you be using a garmin gps if you have a smartphone anyways lol so its likely that someone using a garmin would have a dumb phone or not have a data plan. though i guess they would have maps or something as a backup

[Bombastinator]

5 minutes ago, spartaman64 said:

i mean why would you be using a garmin gps if you have a smartphone anyways lol so its likely that someone using a garmin would have a dumb phone or not have a data plan. though i guess they would have maps or something as a backup

I believe airplanes were mentioned earlier which you can’t exactly fly from a cell phone. Probably a lot of shipping done with them too, so basically the entire product chain.  You make a certain point though.

[Spotty]

5 minutes ago, spartaman64 said:

i mean why would you be using a garmin gps if you have a smartphone anyways lol so its likely that someone using a garmin would have a dumb phone or not have a data plan. though i guess they would have maps or something as a backup

I know people that still use nav GPS simply because they bought it before it was practical to use a phone as a GPS, and there's no reason for them to use their phone as a GPS if they already have a dedicated GPS.. Plus there's people that just leave it in their car all the time set up ready to go, or ones that are built in to the car.

[Deli]

20 minutes ago, Spotty said:

Aren't they mostly stored offline maps that just use GPS data? They shouldn't need to communicate back to Garmin unless they're updating the map packs. Though maybe some have live updates for road works/congestion/etc?

 

But what I'm actually curious about is how does someone end up "stranded" if their Garmin GPS fails? 

Smart phones would still work and you'd be able to use Google maps/maps.

Even without a phone you would just need to follow the road signs or worst case stop and ask someone for directions.

 

GPS navigation systems are great and they do make it easier to navigate cities you're not familiar with, I've used my phone for GPS many times, but you can live without it and you're not going to end up stranded on the side of the road.

You get stranded because you use Google map. Quite a few times the information on Google map are just plain wrong.

[Bombastinator]

28 minutes ago, BlueScope819 said:

Link?

Link?  That garmin is old and has been doing electronics for a long time?   You could try their wiki.  I didn’t look it up.  Feel free though. my memory is anecdotal

said anecdote:

 “Long” is a relative term.  I know garmin is what supplanted loran c in ship triangulation.   First time I remember hearing the name garmin I was a mate on my half brother’s ikiahibi fishing boat in Hawaii.  We did commercial fishing for ahi.  That was the early 80’s. I recall some pretty lady had won miss America or miss universe or something and it turns out she had been short on cash earlier and had done some porn.  Pics were in penthouse.   I forget her name.  Might be Samantha Fox.  Not sure.  My step brothers fishing boat had loran c back then but it was old.  He’d bought it used.  He talked about how the new big ships were using garmin then.  I was a teen so that’s a good long while ago. 

[Bombastinator]

13 minutes ago, BlueScope819 said:

No, I mean this:

 

Ah.  It popped up on my YouTube recommended, but I don’t have a link.  It’s long gone.  The “five levels of explanation” thing is about general science stuff.  They do a lot of things besides computers.  It’s a series done by. “Wired”.  At least I assume it was that series. 

https://www.wired.com/video/series/5-levels

so I go googling about.  
 

the video appears to be here

https://www.wired.com/video/watch/5-levels-hacker-explains-one-concept-in-5-levels-of-difficulty?c=series

Edited July 25, 2020 by Bombastinator

[Musty]

Garmin is back up and running today. Wondering if they caved and paid the ransom... That would have interesting implications since the rumoured hackers are subject to US sanctions. 

[Musty]

On 7/25/2020 at 4:20 AM, Spotty said:

Aren't they mostly stored offline maps that just use GPS data? They shouldn't need to communicate back to Garmin unless they're updating the map packs. Though maybe some have live updates for road works/congestion/etc?

 

But what I'm actually curious about is how does someone end up "stranded" if their Garmin GPS fails? 

Smart phones would still work and you'd be able to use Google maps/maps.

Even without a phone you would just need to follow the road signs or worst case stop and ask someone for directions.

 

GPS navigation systems are great and they do make it easier to navigate cities you're not familiar with, I've used my phone for GPS many times, but you can live without it and you're not going to end up stranded on the side of the road.

My understanding of it on the aviation side was that you had to be running the latest update to fly legally using Garmin in some places. They wouldn't be stranded in that their GPS would suddenly stop working, but if you were caught out without the most recent updates you wouldn't be up to code. (Just what I heard so to be taken with a pinch of salt).