
Garmin Outage Persists After 24 Hours Downtime - seanhandley
https://twitter.com/GarminFitness/status/1286273563096489985
======
mastazi
It’s not just some fitness smartwatch, as the linked Tweet might lead you to
think:

> Pilots told the tech website that they had not been able to download new
> Garmin software with up-to-date versions of the aviation database, which is
> a legal requirement for flying. The Garmin Pilot app, which is used to
> schedule and plan flights, was also hit by the attack.

Source:
[https://news.ycombinator.com/item?id=23937097](https://news.ycombinator.com/item?id=23937097)

PS in case you’re not into aviation - Garmin is used in smaller aircraft, not
airliners but this is still a significant disruption - smaller planes and
helicopters carry out important roles such as firefighting, heli ambulance,
flying doctors services (e.g. in Australia) rescue ops etc.

~~~
t0mas88
Garmin has a lot of market share in small piston / hobby flying planes, but
they're also big in small to mid size private jets and turboprops. More and
more are using the Garmin G1000 and G3000 cockpit or older models upgrading
from traditional instruments to the G600. In those cases it's not uncommon to
use Garmin Pilot + Jeppesen for the good integration with the onboard systems
when loading flightplans etc.

So this outage could be painful for some corporate flight departments and air
taxi companies as well. Luckily you can also print the charts without that
much trouble and fly like the old days.

~~~
stevehawk
But I bet ForeFlight sales just spiked

------
tallanvor
The real issue is Garmin's lack of communication.

I'd be willing to bet that their legal and finance teams are fighting to keep
them from saying anything (their earnings call is on the 29th).

So much goodwill is lost by companies that don't communicate when problems are
affecting customers.

~~~
WrtCdEvrydy
Because as a customer, you're still the product.

I'm sure any communication will have to minimize stockholder impact and will
be watered down instead of being 'Oh shit, all of our crap is encrypted'

~~~
tallanvor
> Because as a customer, you're still the product.

That is simply false. I'm fine with people making that claim about companies
like Facebook and Google - they make most of their money selling advertising,
so yes, in that sense, their users are a product they are offering to
advertisers. But that's not how Garmin works.

Garmin provides products to us, and offers services that they hope will keep
us in their ecosystem. Unless you have reasonable evidence that they are lying
in their privacy policies, such as at
[https://www.garmin.com/en-US/privacy/connect/](https://www.garmin.com/en-US/privacy/connect/), then you
cannot reasonably make the claim you have made.

~~~
drtillberg
I understood the parent to be commenting that Garmin is repackaging customer
revenue as a securities product, i.e., their common stock, which they sell to
investors. Point being that investors are the key stakeholder, not customers.

It's not a unique POV for a company to have, it's just it's maybe more a
subject of laser focus for companies in this era.

~~~
_Understated_
That could be extended to all publicly traded companies using that logic.

~~~
jcrawfordor
And a lot of people make that argument. I'm not saying it's right or wrong,
just that this isn't some flaw in the theory - the theory is exactly that
most, perhaps all, publicly-traded companies are answerable to their
shareholders, not their customers. Attempts to reform or mitigate this often
fall under the umbrella of "stakeholder capitalism," in which the customers
are viewed as one of the stakeholders that needs representation, because they
don't currently have any.

~~~
rightbyte
I got a feeling customers are more "sentient" than stock holders that can't
care less about the whys or whats about the company. It is just another stock
in the portfolio that is traded at market equilibrium among other stocks.

The customers have to make an informed choice.

------
kelnage
Rumour has it that it's been caused by a ransomware attack (although Garmin
hasn't commented publicly) - I can't think of much else that would cause such
a long outage.

~~~
moooo99
I thought the same. Especially the fact that their webservices as well as
their callcenter and other support systems are down screams ransomware attack.

------
Kototama
My experience with Garmin devices is that the hardware is good but the
software is average. GPS devices, for example, are robust and they can function
both with batteries and piles BUT the software can crash, searching for names
on a map or entering text is almost guaranteed to not work. They are years
behind Android for example for user friendliness.

~~~
vinay427
Their main distinguishing market at the moment seems to be wearables for
athletes as well as dedicated GPS for aviation, etc., not consumer turn-by-
turn navigation where smartphones can perform adequately. For example,
tracking and providing analytics for training, particularly for running,
bicycling, and other distance-based outdoor activities.

~~~
walrus01
that also seems to be a much higher value business - towards the tail end of
when dedicated gps navigation devices were reaching full saturation, before
everyone switched to just using google maps or waze on their phone, they were
down to like $89 per piece... Or the functionality is now built directly into
the car. Whereas the higher end fitness watches and their 'tactical' product
lines are $350 to $950.

------
zenexer
Better link with more details:
[https://www.zdnet.com/article/garmin-services-and-production...](https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/)

A couple important excerpts (there's a lot more detail in the article):

> ... flyGarmin has also been down today. This is Garmin's web service that
> supports the company's line of aviation navigational equipment.

Other HN commenters have already elaborated on the implications of that.

> ... while we confirmed that this is a ransomware attack, we could not 100%
> verify claims that this was caused by WastedLocker.

Garmin hasn't officially commented on the cause, but they did tweet that their
call centers are down
([https://twitter.com/Garmin/status/1286278816302850048](https://twitter.com/Garmin/status/1286278816302850048)):

> This outage also affects our call centers, and we are currently unable to
> receive any calls, emails or online chats. We are working to resolve this
> issue as quickly as possible and apologize for this inconvenience. (2/2)

------
dveeden2
[https://status.inreach.garmin.com/](https://status.inreach.garmin.com/) has
some status updates and says that SOS communication isn't affected.

~~~
205guy
More precisely:

"inReach SOS and messaging continue to work."

"inReach SOS and messaging have been fully functional and remain so."

This is reassuring because people who go to remote places and rely on the
inReach satellite SOS and messaging have not been affected. If they had been
affected, they would've been cut off with no explanation--for example unable
to relay status to family, or to request an early pickup. While not in itself
life-threatening, it would cause a lot of unnecessary worry and possibly
unnecessary rescues.

I had wondered if their satellite messages were affected. Obviously, a message
goes from the unit in the field to a ground-station, and then to the
recipient's regular messaging or email. The question is whether it touched one
of Garmin's servers to do that, and if that server was affected--apparently
not.

~~~
notacoward
I'll bet there's a PM somewhere who had to fight like hell to keep those
systems separate and is feeling pretty damn vindicated right now.

~~~
phatfish
There must be some regulations that need to be met to run an SOS service? I
bet if those didn't exist the SOS service would be down now as well and
people's lives would be in danger.

The rest of their services clearly had as little spent on them as possible to
"maximise shareholder return".

------
svacko
More on this topic:
[https://www.theguardian.com/business/2020/jul/24/smartwatch-...](https://www.theguardian.com/business/2020/jul/24/smartwatch-maker-garmin-hit-by-outages-after-ransomware-attack)

------
Animats
Is this affecting anything important, like aircraft, boat, or car navigation,
or just the fitness trackers?

~~~
civil_engineer
Oh man. I was mildly amused that people couldn’t access their fitness history.
I just tried to access flygarmin.com to update my aircraft’s aviation
databases, and this shit just got real.

My airplane is grounded for IFR flights — I always fly IFR. I pay Garmin
$865/year for subscription. There are thousands of aircraft in the same
predicament.

~~~
_fat_santa
Does Garmin offer an SLA on these services? I feel like if I paid that much
annually for a service they better well give me an SLA.

~~~
civil_engineer
I don’t know. I’ve never even thought about it. Until now.

------
BikerGolfer
For a view of how GARMIN must feel right now:
[https://www.feltet.dk/octo_cms/files/Feltet.dk/Billeder/2014...](https://www.feltet.dk/octo_cms/files/Feltet.dk/Billeder/2014/Lob/Giro_dItalia/1_etape/Giro_2014_1_etape_TTT_Garmin_-_Sharp_styrt_.jpg)

------
voxadam
[https://news.ycombinator.com/item?id=23926289](https://news.ycombinator.com/item?id=23926289)

------
walrus01
Two weeks ago I posted that I was suspicious of using 'cloud' based fitness
data aggregation systems:

[https://news.ycombinator.com/item?id=23775957](https://news.ycombinator.com/item?id=23775957)

In this case I hate to be proven right, but it's not looking good for Garmin.
There's lots of road cyclists out there with $750 useless watches now. I can
tell you that after this event the odds of me ever purchasing a Garmin device
that relies on anything 'cloud' based have even further decreased.

Even if the watches can function offline, how can anybody have any degree of
trust that all of their previously uploaded data has not been stolen? Based on
the reported use of ransomware and the very lengthy downtime, it really sounds
like Garmin's network was owned quite thoroughly. Is there some group out
there now in possession of hundreds of thousands of .gpx files with detailed
tracking points of people's residences, favorite running and cycling routes,
and what times of the day they're usually away from home? Nobody knows.

After seeing 20+ years and many dozens of instances of data breaches from this
that we would now define as 'the cloud', I find that the only solution is to
simply not upload to a third party anything you consider proprietary
information.

Meanwhile my fully offline or local-workstation-hosted GPX based tracking
method continues to work normally.

~~~
SCdF
> There's lots of road cyclists out there with $750 useless watches now. I can
> tell you that after this event the odds of me ever purchasing a Garmin
> device that relies on anything 'cloud' based have even further decreased.

They work offline. At least, as much as I use mine it still functions, there
may be more advanced features.

> Meanwhile my fully offline or local-workstation-hosted GPX based tracking
> method continues to work normally.

You can still get the gpx files right off the watch. Apart from that, this is
the classic Hacker News argument of "why do the normies rely on these cloud
services it's trivial to <insert giant complicated setup here>".

It's awesome that it works for you. My parents, one of whom in his retirement
hacks on code that combines local drone captured data with local government
LIDAR data and parses it for more accurate maps of his lifestyle block, don't
have time for those shenanigans. The expectation that everyone does is folly.

~~~
walrus01
it's not a giant clunky complicated setup - it's a 15 second process once a
week of transferring a gpx file from an android phone over to a PC running
this:

[https://www.gpxsee.org/](https://www.gpxsee.org/)

If I really wanted to automate it, I would use some sort of tool to do the
equivalent of a cron job to scp the files from the contents of
/sdcard/bike/*.gpx to my desktop PC.

~~~
SCdF
As the other person said, all that you're doing can still be done by these
watches if people want to.

On your system though: what happens if your computer crashes, gets a virus or
you otherwise lose the data? You should probably have a backup system right?
Now you're adding more steps, and either doing a reasonably complicated 321
setup manually, or back to involving the cloud.

I'm not saying what you're doing is bad, but dismissing easy to use cloud
systems is just silly. Ironically I push my runs to the cloud (or clouds, as I
go watch -> garmin -> strava) _because_ it's an offsite backup that I don't
have to manage. I also then export strava data and re-back it up myself, but
I'm a tech nerd so that's just icing.

You're also side stepping any social features. I know people who are very
encouraged to exercise because they see their friends doing it, or because
they get kudos / likes and praise when they post their workouts. This may not
be important to you but for many people it is.

~~~
DebtDeflation
> I'm not saying what you're doing is bad, but dismissing easy to use cloud
> systems is just silly

I think what people are really trying to say is that the Connect app should
have some sort of "Store my previous n number of Activities locally on my
phone for offline viewing" option. These files are typically just a few MB and
my Android phone has like 4X as much storage capacity as my Fenix watch. As it
stands, I can't even execute a sync between my watch and my phone right now
because their cloud is down and that's just ridiculous.

~~~
walrus01
Why a cloud based service failure should be a barrier to transferring files by
Bluetooth or wifi between two devices in the same room is absolutely
ridiculous.

------
jpayeur
This is not good but sadly any source of massive amounts of user data will
continue to be targeted in this day and age. I'm an avid cyclist and use
Garmin Edge GPS cycling computers. Luckily they store activities locally. I'm
sure I'll be able to sync my rides soon enough ;)

------
BikerGolfer
Asked in a related thread already, but bigger audience here: Does anyone know
who runs/hosts/maintains/secures GARMIN servers? Are they owned and operated
by the company itself or is all or parts of it outsourced?

------
Squarex
Should I block credit cards I have connected with Garmin Pay?

~~~
minaguib
Forensics can sometimes prove "X happened", but not "Y didn't happen".

That's why sometimes companies will make statements like "we have no evidence
that the hackers did Y1, Y2 or Y3". It doesn't mean anything really.

That is to say, once Garmin becomes communicative again, they may be
prescriptive in answering questions like yours head-on, or due to lack of
concrete proof, punt and obfuscate.

Suffice to say, it appears they've been owned through-and-through, so you may
want to err on the side of caution.

~~~
minaguib
Welp, here it is - from
[https://www.garmin.com/en-CA/outage/](https://www.garmin.com/en-CA/outage/) :

> Garmin has no indication that this outage has affected your data, including
> activity, payment or other personal information.

