Well, at least not too many people are flying these days. Not that THAT is a good thing in itself.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Garmin Connect Service Taken Offline Following Ransomware Attack
- Thread starter MacRumors
- Start date
- Sort by reaction score
Well, at least not too many people are flying these days. Not that THAT is a good thing in itself.
I am surprised all the news is mentioning fitness watches and not aviation. As a pilot and aircraft owner, I update my Garmin databases every 28 days with the next one coming on August 13, so there is some time but without current databases it is illegal to shoot any approaches that rely on such data. The same affect all GPS navigation if you don't have a current database. This affects a huge swath of aviation all over the world.
What amazes me is the scale of damage. It seems pretty bad that so many of their systems would be affected and that the malware could spread so thoroughly. I would have expected different divisions of their company to be segmented from each other a bit better than that to effectively prevent issues like that from spreading so widely.
Yep! Best thing for a business are chrome books for most employees, maybe Macs for upper management (if that) and 100% SaaS for all infrastructure (apps, file storage, accounting, SSO, etc.)
Ah I didn't know you could do that .. I hope it doesn't end up doubling up the rides when the sync happens.
[automerge]1595601600[/automerge]
The article I read about this earlier said that updates for the Garmin GPSes which are used in planes cannot currently be downloaded. They won't just stop working, however you get a lot of warnings about checking approaches are valid when the database expires. Garmin probably has a couple of weeks to get this fixed or find another way to get people their downloads before it becomes very much of a problem, but it does sound as if their aviation side is just as affected.
Yeah, you can find the .fit files in the ‘activity’ folder on the device.
It used to double things up, but they fixed it about 6 months ago.
The local flying club here has Garmin avionics on all their planes. They’re logging dozens of flights a day. It may not be a 737 but it’s still in the air.
I can't believe people aren't taking better measures to address this.
Admin accounts should never be used for general logon purposes, never for reading email. You have your standard user account for that.
Access to privileged systems is via a system like CyberArk, you log on to CyberArk with your Admin account and then you 'check out' the password for the account which enables you to connect / log on to the privileged system, the password resets every 30 minutes.
I know there will always be lapses but companies who care can and do put better processes in place, it will never be 100% effective but certainly much better than some it would seem.
My Vivo is working and I can see the "progress" on it. I just cannot sync it. I have always been mad that it syncs to the cloud and then back to my phone instead of to my phone and then to the cloud.
They've been down since yesterday early afternoon-ish time. Garmin Connect came up for a while this morning, and all of my years worth of data was missing. This is going to be hard for them to recover from, at least the trust of users. Wow.
And whoever does their IT should be thrown off a tall building. How could they not have methods and support to try to stop this from happening. Just incompetence. Wow...
And whoever does their IT should be thrown off a tall building. How could they not have methods and support to try to stop this from happening. Just incompetence. Wow...
No. Tracking workouts is done on the watch, GPS included. You don't need your phone to track workouts.
NB: Am affected by this as have a Garmin product.
Glad you performed a thorough analysis and debrief of the incident before suggesting who to kill... /s
I am a I.T. professional and have been involved in all aspects of system security for the past 31 years.
Do you know what the two most common passwords for a user account are? (As of 2019)
'password' and '123456'.
Does anyone wonder why systems so often get hacked?
Do you know what the two most common passwords for a user account are? (As of 2019)
'password' and '123456'.
Does anyone wonder why systems so often get hacked?
It’s actually a problem now - I fly a corporate jet with the Garmin 5000 package installed, issue is *when* the database is updated. For example, if I haven’t flown in a couple of weeks and the database expired since my last trip, I may go down to the hangar and update everything today for a trip tomorrow. Nav databases expire every 28 days. The other issue is that the Garmin Integrated Controller manages absolutely everything of the plane, including fuel management to engine power to pressurization. Garmin database updates are notoriously finicky. Had a database update once trigger a dual fuel pump failure (engines weren’t even running, making the failure message that much more bizarre)
Super huge safety of flight issue.
Excellent commentary. Thank you
[automerge]1595613260[/automerge]
This is frightening. Smells of state sponsored action.
I’ve got a Forerunner 945 that I use for a few sports-related activities. From a cursory search, I found out that the Forerunner 235 can store up to 7 days of daily tracking and 200 hours of activities without needing to sync with their cloud services - I’m assuming that the 945 can store the same or more data. I typically do about 60 to 90 minutes of athletic activites per day with the watch, and use the metrics to see how I’ve done and to gauge my weekly training load. All of my HR and training load stuff are still working perfectly. The only time I noticed a problem is when I go into my iPhone Garmin Connect app...where I see a note about “Server Maintenance”. This also means it doesn’t connect or share data with any of my other apps, so there’s that. But I’m not too anal about tracking everything...every day, so it doesn’t really bother me too much. That said, the training load calculation is my main gauge of how much/hard I’m training over the past week, and the watch gives me that directly.
This only happens if you IT staff is totally incompetent. No, not just made a small error, gross incompetence is required.
I worked for years in the aerospace and defense sector where this NEVER happens but I got exposed to the commercial world and was shocked and it amateurishness. But for them, money is tighter and short term profits seem to be the most important thing. We see this is software quality too, it costs money and delays your product if you do exhaustive testings.
This is never a case of smart hackers, it's just dumb/cheap companies.
I worked for years in the aerospace and defense sector where this NEVER happens but I got exposed to the commercial world and was shocked and it amateurishness. But for them, money is tighter and short term profits seem to be the most important thing. We see this is software quality too, it costs money and delays your product if you do exhaustive testings.
This is never a case of smart hackers, it's just dumb/cheap companies.
Given how poor Garmin's device software is, it's not terribly surprising that their IT team made such a gross error with this. I've never used a product where updating software/firmware brings so many regressions every time it's updated.
If IT people do their jobs, such passwords are not programmatically allowed.