
Garmin Connect Service Taken Offline Following Ransomware Attack

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,518
13,150


Garmin has been hit by a ransomware attack that encrypted the smartwatch maker's internal servers, forcing it to shut down its call centers, website, and the Garmin Connect service, which users rely on to sync their activity via the mobile app.

Image: Victor Gevers

In messages shared on Twitter, the company apologized to users and gave details on the extent of the forced shutdown.

The attack also affected Garmin's aviation database service, flyGarmin, which supports aviation navigational equipment, and some production lines in Asia, according to ZDnet.com.

Officially, Garmin has not referred to the outage as the result of a ransomware attack, but company employees have since taken to Twitter and described it as such.


Taiwanese tech news site IThome published an internal memo from Garmin's IT department to its Taiwan-based factories announcing two days of maintenance on Friday and Saturday, which sources told the website was down to a "virus."

(Via The Guardian.)

Article Link: Garmin Connect Service Taken Offline Following Ransomware Attack
 

GeoStructural

macrumors 6502a
Oct 8, 2016
591
1,888
Colombia
Cybersecurity has never been so prevalent and important. Many companies have a hard time recruiting capable people in a field that is ever changing and the most talented minds are usually not interested in that kind of job.

This is also a testament that you should not trust your data or have your service rely on the infrastructure of any company... Garmin is a large enterprise and even they can suffer these attacks. I remember recently an app bugging me to use their cloud client, definitely not! I use OneDrive as main service, iCloud as backup and an old school SSD hard drive just in case.
 
Comment

nikon1

macrumors regular
Sep 15, 2014
105
128
Somewhere In South Jersey
When are businesses that are so internet dependent going to learn just how important security is, not only to their business but to their customers as well? It seems like many businesses consider connected security as just an afterthought, a “cost center that reduces their profitability” as opposed to a core cost to maintaining their business and customers’ security.

While I realize this sounds like a “Monday morning quarterback” comment, it doesn’t make it any less crucial.
 
Comment

nwcs

macrumors 68000
Sep 21, 2009
1,999
2,721
Tennessee
It is the squirrel and bird feeder problem. If the squirrel wants to get the food it will spend as much time as it takes to foil whatever you set up as defenses. The squirrel also has a lot more time than you do to figure it out. Security is the same thing. The criminals simply have more time and motivation to breach the defenses.

They’re either paid by the state or doing it for some “cause” where companies have to actually be profitable and pay people. And doing full security on a large scale is simply difficult and expensive. You have layers of issues to deal with from hardware to software to wetware (people). Like with Twitter’s recent security issue, all it takes is one rogue employee (whether enticed or coerced) in the right place to thwart even the best security.

This should provide a warning for people that as we put more faith in online services and governments move to weaken security measures in the name of providing “security to the people” this puts the companies at a big disadvantage and these incidents will only get worse until something forces the industry to change in one form or another.
 
Comment

Morgenland

macrumors 6502a
May 28, 2009
927
874
Europe
What a peculiar company this is. First it buys the company Navigon in Germany to destroy it, and then it can't even handle IT. On my black list now ;-)
 
Comment

minimo3

macrumors 6502a
Oct 18, 2010
505
382
You can spend tens of millions and hire the top security folks to implement the most sophisticated WAFs, patch all your servers, run static and dynamic scans, train your developers to write secure code to prevent XSS, SQL injection, pay a CDN to prevent DDoS, install IDS, but all it takes is 1 employee to click on an email attachment that looks legit (e.g. the FROM field lists the CFO) and their workstation can be compromised. From there the attacker can harvest their network domain password which probably has SSO across multiple systems and then slowly escalate their way to find privileged access to a critical system. So you might think that you could prevent this by eliminating any internet access for all employees - airwall. Even then it's not secure, the Stuxnet worm was introduced into an Iranian nuclear reactor by someone plugging in a USB stick. So really the only way to secure your company is not to have any systems connected to the internet (you correspond with them via the postal service or Fax/telephone) and superglue shut all the USB ports, DVD drives, as well as disable Bluetooth, WiFi. Kinda hard to work like that though.
 
Comment
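The lure minimo3 describes above (a FROM field that lists the CFO) can be screened at the mail gateway. This is an added example, not part of anyone's post; the internal domain `example.com`, the executive list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for this sketch (constructed, not from the thread).
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"dana smith": "dana.smith@example.com"}  # display name -> real address

def dmarc_verdict(msg):
    """DMARC result stamped by the receiving gateway, or 'none' if absent."""
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", str(value), re.I)
        if m:
            return m.group(1).lower()
    return "none"

def triage(raw):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    name = " ".join(display.lower().split())
    addr = addr.lower()
    findings = []
    # Executive's name on an address that is not the executive's mailbox.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        findings.append("display-name-impersonation")
    # Our own domain in From, but the gateway could not authenticate it.
    if addr.endswith("@" + INTERNAL_DOMAIN) and dmarc_verdict(msg) != "pass":
        findings.append("internal-domain-auth-fail")
    spoofed = bool(findings)
    if any(True for _ in msg.iter_attachments()):
        findings.append("attachment")
    return ("quarantine" if spoofed else "deliver"), findings

def sample(from_header, dmarc, attach=True):
    """Build a constructed test message as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_header, "ap@example.com", "Invoice"
    m["Authentication-Results"] = f"mx.example.com; dmarc={dmarc}"
    m.set_content("Please see attached.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="invoice.pdf")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample('"Dana Smith" <dana.smith@payments.invalid>', "pass")))
```

The first sample passes DMARC because the sender authenticates its own lookalike domain, which is why the display-name check is needed in addition to SPF/DKIM/DMARC.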

therunningman

macrumors member
Aug 30, 2017
33
69
So if you own one of their pieces of hardware (watch, GPS, etc) does that mean that it is pretty much not working right now?

From what I've seen, the watch is still gathering data. But it can't upload the data to the Garmin servers for analysis. For example, sleep tracking is unavailable. Right now, the only items showing up for me are steps, floors, and calories. Right now, my Garmin is a pedometer, and that's about it.
 
Comment

fhall1

macrumors 68040
Dec 18, 2007
3,549
798
(Central) NY State of mind
These successful attacks are only going to get worse in the next few years. Most executives don't view IT security as that important. Certainly not worth the money it takes to secure things properly.
I retired in 2015 and before that spent 30+ years in IT. Your statement has been true all that time, and is still true.
 
Comment

Moakesy

macrumors 6502a
Mar 1, 2013
519
1,060
UK
I use their bike computer. It still records data, but can’t upload it for analysis or forwarding on to my Apple Watch or Strava.

I can manually load my rides to Strava by old school plugging it into the laptop.

Their next issue will be when they do bring things back, the flood of data as everything syncs back up again.
 
Comment

ginkobiloba

macrumors 6502a
Jul 2, 2007
567
1,497
Paris
Well, this is the future of criminality. Hospitals being ransomed, entire cities' power grids being ransomed, airplanes being hacked while flying, and of course nuclear reactors being ransomed (coming soon next to you).
The appeal of making a quick buck was always bigger than the necessity of strengthening the foundations of the Internet network. Now we're going to pay for it until some real disaster happens at the touch of a button.
 
Comment

hvfsl

macrumors 68000
Jul 9, 2001
1,844
144
London, UK
I work in IT and sometimes deal with issues like this. There was one company we dealt with a few years back that had this issue (they have many servers/users in many locations across the world). What seems to have happened with them is the hackers managed to get hold of someone's admin details (wouldn't surprise me if someone just entered into a link they got in a spoof email), remotely logged into a server and then just installed their software which then went round every computer in their network, encrypting everything. They had backups, so had to wipe and restore every computer/server on their network.
 
Comment

hubieonekanubie

macrumors regular
Jul 15, 2010
221
204
Kansas
I have a handheld GPS that I don’t have connected to Garmin Connect (which it isn’t capable of) to navigate on the lake and it’s working just fine. I doubt that I could do any updates at the moment though.
 
Comment

nylonsteel

macrumors 65816
Nov 5, 2010
1,315
288
A lot of hackers in the news lately making successful hacks into major companies - scary
 
Comment

urnotl33t

macrumors regular
Jan 26, 2017
199
278
Cary, NC, USA
It is the squirrel and bird feeder problem. If the squirrel wants to get the food it will spend as much time as it takes to foil whatever you set up as defenses. The squirrel also has a lot more time than you do to figure it out. Security is the same thing. The criminals simply have more time and motivation to breach the defenses.

They’re either paid by the state or doing it for some “cause” where companies have to actually be profitable and pay people. And doing full security on a large scale is simply difficult and expensive. You have layers of issues to deal with from hardware to software to wetware (people). Like with Twitter’s recent security issue, all it takes is one rogue employee (whether enticed or coerced) in the right place to thwart even the best security.

This should provide a warning for people that as we put more faith in online services and governments move to weaken security measures in the name of providing “security to the people” this puts the companies at a big disadvantage and these incidents will only get worse until something forces the industry to change in one form or another.

You’re correct. However the issue people miss is that they see “ransomware attack” and think “computers”. No, it’s the “Windows platform”. People need to drop Windows like a bad hot potato and this problem goes away. “Cloud” allows that now. Next to zero need for Windows on a computer anymore. Some edge cases, yes, but not as your main platform; you don’t need to do general browsing and mail on your gaming rig, either.

Oh yes our Macs aren’t perfect either. But our Mail clients and browsers don’t do this crap. Plus we can still add printers without having to be local admins!
 
Comment

MacCheetah3

macrumors 6502a
Nov 14, 2003
959
307
Central MN
It is the squirrel and bird feeder problem. If the squirrel wants to get the food it will spend as much time as it takes to foil whatever you set up as defenses. The squirrel also has a lot more time than you do to figure it out. Security is the same thing. The criminals simply have more time and motivation to breach the defenses.

They’re either paid by the state or doing it for some “cause” where companies have to actually be profitable and pay people. And doing full security on a large scale is simply difficult and expensive. You have layers of issues to deal with from hardware to software to wetware (people). Like with Twitter’s recent security issue, all it takes is one rogue employee (whether enticed or coerced) in the right place to thwart even the best security.

This should provide a warning for people that as we put more faith in online services and governments move to weaken security measures in the name of providing “security to the people” this puts the companies at a big disadvantage and these incidents will only get worse until something forces the industry to change in one form or another.
You can spend tens of millions and hire the top security folks to implement the most sophisticated WAFs, patch all your servers, run static and dynamic scans, train your developers to write secure code to prevent XSS, SQL injection, pay a CDN to prevent DDoS, install IDS, but all it takes is 1 employee to click on an email attachment that looks legit (e.g. the FROM field lists the CFO) and their workstation can be compromised. From there the attacker can harvest their network domain password which probably has SSO across multiple systems and then slowly escalate their way to find privileged access to a critical system. So you might think that you could prevent this by eliminating any internet access for all employees - airwall. Even then it's not secure, the Stuxnet worm was introduced into an Iranian nuclear reactor by someone plugging in a USB stick. So really the only way to secure your company is not to have any systems connected to the internet (you correspond with them via the postal service or Fax/telephone) and superglue shut all the USB ports, DVD drives, as well as disable Bluetooth, WiFi. Kinda hard to work like that though.
I immediately thought of the employee mistake factor, and how this is a common avenue, which is why good layers are necessary even internally. The recent Twitter incident also demonstrated such a problem. Nevertheless, as pointed out, it's almost impossible to block every problematic path. In a cryptography course I participated in recently, we looked at the incident of Maersk's encounter with NotPetya, how widespread it was and how difficult it was to recover from. That particular case not only highlights the importance of good internal security layers but also how critical a well thought out recovery plan is. Specifically, how quickly can systems be restored and certainly the security of the recovery plan, e.g., will our backups be infected/affected?

Basically, security needs to be thought of as a full-time, full-scale job and be augmented by a solid backup plan.
 
Comment

hortod1

macrumors 6502
Jan 26, 2009
330
673
This is worrisome. Garmin is huge in the aviation industry. Thousands of pilots rely on their navigation equipment. Let's hope that side of their business is better protected.

Was just going to say the same thing. An outage of fitness products is an inconvenience. An outage of aviation products is a matter of flight safety.
 
Comment