Too bad, love Garmin’s products, if you ever have to make a detour someplace where the cell service isn’t great you want to have one of their GPS units. I don’t trust any phone apps outside of a major city. But sounds like they have some serious IT issues if hackers can cause this much disruption, you would think there should be some compartmentalization between the personal and professional products, between manufacturing and web presence. You can bet there will be after.
It's quite likely that compartmentalization exists, but their response to the attack was to turn everything off until they could figure out how to proceed.
Some Garmin devices can receive traffic data via radio, which your phone can't do. Garmin also usually has business names and gas stations, whereas I've found Google Maps offline will only let you navigate to a specific address (Android), and it's reliant on you remembering to store the map offline. If you found yourself in an area without signal, and you didn't pre-save, you'd be screwed, which I've had happen plenty of times.
Personally I use offline maps, but only on specific trips where I know for sure I'll have no data.
It’s one of those always be prepared things - I was making a routine trip through Albuquerque once where just outside of Tucumcari I encountered a traffic jam from a huge crash up involving many vehicles and fatalities that ended up closing both directions of the interstate for ten hours. I managed to get off onto a farm road and found a path around the accident - fifty or sixty miles of two and one lane farm roads, barely populated, at dusk. Passed more rabbits than cars. Twice I had to get out and check what was on the other side of the hill I was about to drive over. But turns out they were real roads and I made it to Albuquerque in time for a really late dinner at Waffle House. The interstate opened back up about six hours later. Would I ever have attempted that with only a phone? Never. If my route got cleared for any reason I’d have been in a bad situation. I don’t trust a phone app would have downloaded enough information to even compute an epic detour like that - I went well over thirty miles away from the original route before reaching the road that went back.
I'd be shocked if they ever admit it was ransomware. Besides nearly no public response, what they finally put out still just frames this as an "unfortunate outage", sidestepping the reality of a (likely) massive data breach.
I am shocked that once again another company is willing to do their brand serious damage by keeping quiet and not trying to allay customers' fears of stolen information, compromised app updates, and $800 paperweights.
Pilots can't update their flight databases, an FAA requirement, nor upload flight plans, so it's more serious than some are claiming. And yet, near silence.
Customers don't need to be "allowed" to protect their data.
I promise you that several major companies have already been quietly breached and credentials stolen.
> credit cards, change passwords
Are already stolen, Garmin hack or not.
1. Your credit card number is public. Deal with fraudulent activity in the usual way.
2. Passwords should be unique. Non-unique passwords are already stolen, and unique ones probably are. 2FA and suspicious login detection are what protect you.
I used 'allow' as in, "take into consideration", not "allowed to do something."
You're not wrong, but the huge difference is knowing about specific attacks versus constantly assuming your data is always compromised. Changing your password daily, and canceling your credit card for a new number daily, regardless of breach, is basically what you're suggesting.
Further, we still don't even know if it is in fact a hack, which is the point. If they simply came out and said that their production line got ransomware, but user databases were unaffected but taken offline as precaution, that would go a long way to suggesting what level of mitigation is necessary.
My Android phone is now giving me notification of an updated version of Garmin Connect and I am feeling reluctant to install. Does anyone know, is there any way to verify that the changes are safe (changelog, audit, integrity check)? Does Google Play verify an update in a case like this? I don't know how this works.
In a scenario where Garmin is completely compromised, is it unthinkable that the attacker could also distribute malicious updates to millions of devices?
If governments made it illegal to pay ransoms, this sort of thing would happen 100x less often. What did they always say in 90s action movies: “the policy of this administration is to never give in to terrorist demands”?
A BleepingComputer article linked below mentions it's possible Garmin would be violating US sanctions by paying the ransom, since Evil Corp (the supposed operators of this ransomware) was sanctioned by the US Treasury Department.
What the government needs to do is do its job of providing national security and mandate serious security protocols and help deployment funded by progressive income and wealth tax or steep fines covered by insurance with rates set by appraisers.
Garmin's stock price has dipped slightly since the beginning of the reported outage and ransomware news and may continue to do so - I speculate perhaps these actors might also double-dip on their attack by both ransoming the data and selling/purchasing options on the company's underlying stock, especially if they are more aware of how much damage they're able to inflict than the company themselves.
Anecdotally, my son got Vívofit jr for his birthday on Thursday, we tried to set it up and couldn’t... the app was reporting server error that day and the next day. The only thing I could think of was that they don’t have any monitoring for their server APIs... but this explains it.