
Garmin hack


eaterofdog

ass grabber
Sep 8, 2006
9,206
2,728
Central Florida
Ransomware lol. Employees are so damn stupid. The only way to (hopefully) stop shit like this is to lock down the computer hard. You hire people who can do one thing sufficiently well and they are usually idiots otherwise.
 

mykel

closer to Periwinkle
Apr 19, 2013
5,489
4,214
sw ontario canada
Ransomware lol. Employees are so damn stupid. The only way to (hopefully) stop shit like this is to lock down the computer hard. You hire people who can do one thing sufficiently well and they are usually idiots otherwise.
When I played with firewalls for a living, you better believe that shit was locked down hard.

I got so much "unofficial" flack because people could not play games or listen to streaming music "at lunch" etc etc.

But between me and the GroupPolicy guys, we were able to keep on top of it.
(mostly :rolleyes: )

I think @canadmos is now fighting the good fight.
 

Jm_

sled dog's bollocks
Jan 14, 2002
20,160
10,705
AK
When I played with firewalls for a living, you better believe that shit was locked down hard.

I got so much "unofficial" flack because people could not play games or listen to streaming music "at lunch" etc etc.

But between me and the GroupPolicy guys, we were able to keep on top of it.
(mostly :rolleyes: )

I think @canadmos is now fighting the good fight.
The problem is half the damn software developed for us doesn't work with all the restrictions they put on our computers. It's a never-ending cycle of stuff that doesn't work (that is supposed to). My latest fight was with remote voicemail retrieval, since we are not in the physical office. There's supposed to be 3 ways, one of which is online, to get it, but 0 out of 3 worked. The online way doesn't work with how our browsers are locked down and IT can't figure out how to make it work. It's a miracle anything works for us.
 

6thElement

Schrodinger's Immigrant
Jul 29, 2008
17,241
14,717
The problem is half the damn software developed for us doesn't work with all the restrictions they put on our computers. It's a never-ending cycle of stuff that doesn't work (that is supposed to). My latest fight was with remote voicemail retrieval, since we are not in the physical office. There's supposed to be 3 ways, one of which is online, to get it, but 0 out of 3 worked. The online way doesn't work with how our browsers are locked down and IT can't figure out how to make it work. It's a miracle anything works for us.
The number of days I've spent having to trouble-shoot our software because McAfee BS is breaking it hurts my head.
 

6thElement

Schrodinger's Immigrant
Jul 29, 2008
17,241
14,717
have they stated anywhere how long activities will remain on a given device without being synched before they are lost/deleted?
Would depend on the device, I can probably fit a few thousand rides on my 830 without uploading.
 

HardtailHack

used an iron once
Jan 20, 2009
7,756
7,102
Wow, imagine if they'd made it so you could upload your data to your phone locally rather than having to rely on the Garmin cloud thingy.
Never really understood why they would want to host all the users' data if they said they'd never sell it to advertisers.
My tinfoil phone can't do BLE so my Garmin can't be used anyway, happy days.
 

jonKranked

Detective Dookie
Nov 10, 2005
88,825
27,043
media blackout
Wow, imagine if they'd made it so you could upload your data to your phone locally rather than having to rely on the Garmin cloud thingy.
Some people have years worth of logged activities, myself included. That being said, I think it's definitely a shortcoming of the system that it won't sync and store on a local device before being pushed to the cloud, especially in the event of a server outage.
 

HardtailHack

used an iron once
Jan 20, 2009
7,756
7,102
Yeah I had mine mostly for sleep, after using a proper sleep study machine I got to see what my normal apnea looked like and I could see it on the Garmin.

But you can't view more than a couple of nights of sleep without the phone having to reach to the dick pics in the sky to retrieve the data, bought an oximeter, it can't track my rides but it doesn't make up a bunch of fake shit about my sleep, just gives me stats.

I can't remember which app I used in the end with my Garmin, there are ways to keep your data local.
 

canadmos

Cake Tease
May 29, 2011
21,989
21,522
Canaderp
Back in 2000 when I used to sell back up systems we would always tell the customer to back up critical data on WORM media. You may lose today's crap but you could find a prior safe point and restore.....
There are usually two/three problems here:

1) no amount of backups will save you, if you backed up shitty or "infected" information.

2) even if you do have backups, have they ever been tested and will it work? A lot don't actually know.

3) your reputation as a business is now tarnished, even if you recover, people will (and should) look at you differently.
 

eric strt6

Resident Curmudgeon
Sep 8, 2001
24,391
15,163
directly above the center of the earth
There are usually two/three problems here:

1) no amount of backups will save you, if you backed up shitty or "infected" information.

2) even if you do have backups, have they ever been tested and will it work? A lot don't actually know.

3) your reputation as a business is now tarnished, even if you recover, people will (and should) look at you differently.
Our techs did the installs and tested the backups. Only way we would guarantee the systems. Now if they declined the service contract it was on them after that. Our stuff went into the National Reconnaissance Office, Experian, The Fed, the big boys.
 

mykel

closer to Periwinkle
Apr 19, 2013
5,489
4,214
sw ontario canada
There are usually two/three problems here:

1) no amount of backups will save you, if you backed up shitty or "infected" information.

2) even if you do have backups, have they ever been tested and will it work? A lot don't actually know.

3) your reputation as a business is now tarnished, even if you recover, people will (and should) look at you differently.

But is this not true of anything?
If you build something mission critical and don't test, whose fault is it?
We used to do full and partial restore tests.
Hell, that old Honeywell DPS-11 used to crash and need a restore so often that I wondered why we tested sometimes.

Policy and Procedure mean nothing without the right people.
 

Jm_

sled dog's bollocks
Jan 14, 2002
20,160
10,705
AK
So I just checked my watch, not sure how many activities it holds total, but it had 33 on there (yeah, so I took the opportunity to delete some) and I'm sure it could do more. I was able to hook the watch up to computer with USB and DL the files directly, then upload directly to strava. I don't really use the garmin connect site/software, except to sometimes see HR and temp detail that doesn't show up on strava.
 

kidwoo

Artisanal Tweet Curator

CBJ

year old fart
Mar 19, 2002
13,167
5,040
Copenhagen, Denmark
10 million - these hackers are not very ambitious :boss:

I sure hope Garmin do not pay them anything and use the money to give me a free unit instead.
 

slyfink

Turbo Monkey
Sep 16, 2008
9,796
5,627
Ottawa, Canada
Activities appear to be synching again. I saw online that they are restoring basic functionality.
Not for me. :/ but I don't really care. I'm not sure why I use Strava, other than to keep a log of my rides and put pictures up sometimes. On the other hand, I find I'm compulsively checking my Strava now... maybe this is a wakeup call?
 

canadmos

Cake Tease
May 29, 2011
21,989
21,522
Canaderp
Not for me. :/ but I don't really care. I'm not sure why I use Strava, other than to keep a log of my rides and put pictures up sometimes. On the other hand, I find I'm compulsively checking my Strava now... maybe this is a wakeup call?
Looking at strava and posting pictures is way better than other social media things. At least you're actually doing something when you post...
 

binary visions

The voice of reason
Jun 13, 2002
22,165
1,261
NC
Ransomware lol. Employees are so damn stupid. The only way to (hopefully) stop shit like this is to lock down the computer hard. You hire people who can do one thing sufficiently well and they are usually idiots otherwise.
Many of these high-profile attacks are often targeted, sophisticated hacks, and they tend to compromise employees who actually have the access that they need.

0-days come out all the time, and at a certain point, people need write-access to things.

Obviously we don't know exactly how this one occurred so it may have just been stupidity. But designing systems at this scale that don't have single points of failure is really hard, and a failure like this is as likely to be big architectural problems as dumb users with admin access to their laptops.

It'd be interesting if Garmin releases a post-mortem of more detail than, "lol sry guys, we'll do better in the future."
 

I Are Baboon

Vagina man
Aug 6, 2001
32,746
10,697
MTB New England
Looking at strava and posting pictures is way better than other social media things. At least you're actually doing something when you post...
Agreed. I like seeing everyone's activities and pics. Plus it's fun to earn free shit for completing challenges, when the challenges are things I was going to do anyway.

It was amazing to see so many people so pissed off about not seeing their data in Strava, TrainingPeaks, or wherever, when all they had to do was connect their device via the USB cable and manually upload the activities. Of course, I did that, and then when Garmin came back online this morning, shit got loaded again. :twitch:
 

I Are Baboon

Vagina man
Aug 6, 2001
32,746
10,697
MTB New England
This Garmin outage was a minor annoyance to me, but I can see the bigger issues Garmin needs to address, which I am sure they will say nothing about based on what I've seen from them over the years:
  • How the hell did they let themselves get taken over like this? I am not an IT guy, and I don't know anything about network security, but what the fuck???
  • A complete lack of communication to their users during the downtime, leaving everyone completely in the dark. Third party app developers such as Strava and Ironman did a better job of communicating, including workarounds.
  • Garmin's map update for Fenix users went out during the downtime and fucked up many people's devices, and again, no communication about it or how to fix it. I had to read about it from an article a fellow runner posted. Reboot the device, clear the history, and I was good to go. This would not have been hard to tell users.
Garmin has failed their users/customers here.
 

ALEXIS_DH

Tirelessly Awesome
Jan 30, 2003
6,203
833
Lima, Peru, Peru
Many of these high-profile attacks are often targeted, sophisticated hacks, and they tend to compromise employees who actually have the access that they need.

0-days come out all the time, and at a certain point, people need write-access to things.

Obviously we don't know exactly how this one occurred so it may have just been stupidity. But designing systems at this scale that don't have single points of failure is really hard, and a failure like this is as likely to be big architectural problems as dumb users with admin access to their laptops.

It'd be interesting if Garmin releases a post-mortem of more detail than, "lol sry guys, we'll do better in the future."
Internal email:

Lol, no more 123456 and password passwords pls.

Okthxbicurious
 

I Are Baboon

Vagina man
Aug 6, 2001
32,746
10,697
MTB New England
Many of these high-profile attacks are often targeted, sophisticated hacks, and they tend to compromise employees who actually have the access that they need.

0-days come out all the time, and at a certain point, people need write-access to things.

Obviously we don't know exactly how this one occurred so it may have just been stupidity. But designing systems at this scale that don't have single points of failure is really hard, and a failure like this is as likely to be big architectural problems as dumb users with admin access to their laptops.

It'd be interesting if Garmin releases a post-mortem of more detail than, "lol sry guys, we'll do better in the future."
You are pretty smart with this stuff. Do you think they've already identified the access point and how it was compromised?
 

Jm_

sled dog's bollocks
Jan 14, 2002
20,160
10,705
AK
Many of these high-profile attacks are often targeted, sophisticated hacks, and they tend to compromise employees who actually have the access that they need.

0-days come out all the time, and at a certain point, people need write-access to things.

Obviously we don't know exactly how this one occurred so it may have just been stupidity. But designing systems at this scale that don't have single points of failure is really hard, and a failure like this is as likely to be big architectural problems as dumb users with admin access to their laptops.

It'd be interesting if Garmin releases a post-mortem of more detail than, "lol sry guys, we'll do better in the future."
The implications for security and safety are huge, given aerospace's reliance now on garmin for navigation (databases, navigation information, etc.)
 

binary visions

The voice of reason
Jun 13, 2002
22,165
1,261
NC
You are pretty smart with this stuff. Do you think they've already identified the access point and how it was compromised?
It's very likely, otherwise they probably would have not opened up services again. Most breach response playbooks would require either that you identify the original entry point or do some major risk mitigation prior to re-establishing production access.

No guarantees, of course. The pressure of the C-suite screaming at you and threat of lost business can certainly cause irrational decision-making, and it's also entirely possible for them to mis-identify the original entry point. But the black eye of having a second breach in a short period of time is probably enough incentive to keep them cautious.

I would love to see the post-mortem report on this.

If anyone wants to read a really great breakdown of what happens when a global company gets hit with something like this, give this article a read:

It also demonstrates why sometimes user education and locked down workstations are ineffective. You need better tools and better architecture.
 

binary visions

The voice of reason
Jun 13, 2002
22,165
1,261
NC
The implications for security and safety are huge, given aerospace's reliance now on garmin for navigation (databases, navigation information, etc.)
Yep. That, to me, is way more interesting than ten million Strava tracks not syncing.

If you can't trust the infrastructure, you can't use it for aerospace. Not to mention the InReach systems which are used for life safety. From what I read, the InReach SOS function wasn't affected, thankfully. But still.