Garrmin. Both terrible and hilarious.

(OP)
Apparently Garmin is suffering from a cyberattack. Which means that anything they made that depends on contacting the company servers can't function correctly. Which means the smart watch fitness tracking. And also means the aircraft navigational aids.

https://www.infosecurity-magazine.com/news/garmin-...

Bad for the pilots, but funny for the fitness guys.

RE: Garrmin. Both terrible and hilarious.

It is a little unclear what is affected.
A GPS doesn't need a connection to a server to function.
If you are using a Garmin app to fly a flight plan that depends on an internet connection to Garmin, you may have to do a manual flight plan.
I can't see where the basic functionality of their devices is compromised.
It does look like any value added apps that communicate with Garmin are toast for the duration.

Bill
--------------------
"Why not the best?"
Jimmy Carter

RE: Garrmin. Both terrible and hilarious.

(OP)
The Garmin pilot aid needs to download the current FAA maps with all the restrictions, so instead of just going to fly, the pilot now needs to read and chart all the advisories on his path. With the loss of pilot skills, that may turn many small planes into paper weights until that is over.

For the fitness apps, they use the app to download information from the limited memory on the smart watch to the Garmin servers so the data is available to all the user's devices, and now that's gone. Then, either the user has to manually delete data to make room for new data and potentially lose the records, or find a cable for a direct connection.

The failure is that many users no longer have full access to a device because computers at Garmin got hacked.

RE: Garrmin. Both terrible and hilarious.

I feel vindicated. When getting my private license 12 years ago, I refused to use the trainer with GPS until I'd "mastered" (visual) navigation without it using dead reckoning and VORs.

Not that it matters. I quickly discovered that flying is a rich man's hobby, and a rich man I am not. Oh well - fun while it lasted.

RE: Garrmin. Both terrible and hilarious.

Reminds me of a flight in a light plane over central Queensland. The pilot asked me to get that road map out of the drawer to see if I could figure out where we are. All's well that ends well.

RE: Garrmin. Both terrible and hilarious.

So is this the reason an F-15 may have come too close to an Iranian passenger jet over Syria?

RE: Garrmin. Both terrible and hilarious.

Quote (Garmin)

We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time.

Yikes.
Many GPS-based systems used for navigation are dependent on having up-to-date databases. I don't know for sure off-hand, but these could be interrupted right now. There are features and functions in Garmin flight displays that would be disabled if the databases expired, and sometimes they have to be updated weekly. This is supposed to be a simple flight-plan item, not a pain in the axe.

www.sparweb.ca

RE: Garrmin. Both terrible and hilarious.

Thanks for the further explanation, Dave.

Bill
--------------------
"Why not the best?"
Jimmy Carter

RE: Garrmin. Both terrible and hilarious.

This only affects consumer units. The main nav databases are done through a different system. They are updated every month at the end of the month activation data. They are usually installed 2 weeks before the end of the month.

To be honest I have never used one of these consumer units in a spam can. It's always been a chart and watch and look out the window. But I tend to agree that the tight Scotsman skill set a lot of people will have got past extremely quickly after passing the PPL where they are forced to use it.

There is a paper notam system which can be used, there are also a few other systems which can plot the notices. In this case the Garmin products won't be able to display the restriction real time in the air. To be honest commercial we don't have a real time plot we just have pages of NOTAMS paper. Most of which is utter rubbish and once you have ignored all the cranes the important stuff can be summarised on 1 sheet.

RE: Garrmin. Both terrible and hilarious.

Now I feel justified to have hung onto my Garmin program they don't support anymore that keeps all of my data on my own computer, rather than having to depend on their online services. Why does everyone (companies) feel like people shouldn't be able to keep their own data these days?

RE: Garrmin. Both terrible and hilarious.

There are plausible reasons for that, namely on the software side, since online software can be updated and EVERYONE who uses the software will be immediately and totally updated. The downside is that the software needs to be 100.0000% reliable and available; so air-gaps are a big issue, as are intermittent connections.

Having the benefit(?) of being OLD, I remember when timeshare was pretty much the norm.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Garrmin. Both terrible and hilarious.

This is a good reminder to everyone that many of the programs we buy and install on our computers as 'owned' or 'lifetime licenses' now have baked into them the requirement for the app to contact the muthership frequently or the app dies.

I have a critical cryptographic program called Cypherix that I recently upgraded. I told my virus program I didn't want Cypherix lighting up my router activity-light every time I use it. It's disturbing to see your router start flailing as you go to use a crypto program! My virus checker killed that dead.

30 days later I go to run the Cypherix and it refuses to open, stating "your demo period is over"!!

Turns out that while I own the program it has to talk to the corporate server once every 30 days or it stops dead. I feel this is fraudulent and evil. Of course asking them about it resulted in them never responding again.

I directed a buddy to a 3D printing slicer: Simplify3D. I own it and like it. He went off to buy it and came back to tell me he decided not to because you have to have an internet connection to use it. Crap!!

We all need to specifically find this out before we give our money to these scummy companies.

Keith Cress
kcress - http://www.flaminsystems.com

RE: Garrmin. Both terrible and hilarious.

Some time back we had a thread about an owned program that was rendered unusable by an upgrade and the ethics of hacking to be able to continue to use a program that had been vandalized by the software company in an attempt to sell a newer but inferior program.
I hate most upgrades.

Bill
--------------------
"Why not the best?"
Jimmy Carter

RE: Garrmin. Both terrible and hilarious.

In some sense, this is nothing new; it had been often mentioned that most car dealers make their money off parts and services, which is why non-OEM equipment became a thing. Even in computers, the original IBM mainframe replacement parts were so expensive that the "Seven Dwarfs" was born to compete. Interestingly, none of the seven, and later, five, dwarfs are anywhere close to even the current size of IBM.

There have always been a lot of "lockouts," i.e., methods and means to thwart competition in automobiles, including special tools, fittings, parts, etc. When ECUs became more popular, it gave people more things to hack, like ignition timing curves, partly because the low cost design approach didn't allow for expensive software design/protection, which also shows in the number of cars that have been hacked to manipulate car functionality.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Garrmin. Both terrible and hilarious.

There is actually a very nice market for 386/486 RS232 port laptops/computers. I have made quite a bit of money setting them up to allow old software to use them with some disgusting old OS on them to be able to talk to some controller when the original has died.

RE: Garrmin. Both terrible and hilarious.

Spar has the John Deere problem been fixed?!? I don't see a company being that stupid in the first place ever seeing the light.

Keith Cress
kcress - http://www.flaminsystems.com

RE: Garrmin. Both terrible and hilarious.

No, it hasn't; I hacked one 3 weeks ago. The ex-Soviet tractors built in Czech are a piece of piss to fix. It's one of the reasons why it's stopping me buying a new John Deere orchard tractor. If you buy a German one they are open. But if you buy outside that market they are locked tighter than a duck's arsehole.

RE: Garrmin. Both terrible and hilarious.

Wasn't this sort of thing (vendor lock-in or need for constant reauthorisation) one of the catalysts for the open source software movement?
I can kind of understand the point for hardware interface equipment like engine ECMs but not so much for a lot of other equipment.

EDMS Australia

RE: Garrmin. Both terrible and hilarious.

A John Deere rep told me a few years ago that when the check engine light comes on on a JD, the full information shows up simultaneously on the dealer's computer.
In extreme cases such as several payments behind, the dealer can disable a JD tractor.
The next time I see my favorite mechanic I'll ask if anything has changed in the last year or so.

Bill
--------------------
"Why not the best?"
Jimmy Carter

RE: Garrmin. Both terrible and hilarious.

Quote (phamENG)

...I quickly discovered that flying is a rich man's hobby...

You misspelled "resourceful."

RE: Garrmin. Both terrible and hilarious.

I haven't kept up with the John Deere issue so I'm not sure if they still do that. I can't find any current news articles about hacking JD's, so either the affected farmers have switched to other equipment manufacturers, or JD backed off.
Last updated 2018: https://tractorhacking.github.io/

Quote (JD press release excerpt)

"Software modifications increase the risk that equipment will not function as designed," the company continued. "As a result, allowing unqualified individuals to modify equipment software can endanger machine performance, in addition to Deere customers, dealers and others, resulting in equipment that no longer complies with industry and safety/environmental regulations."

No, it doesn't really pass the smell test. But only because their statements don't actually tell you anything. Do they imply that customer safety would be endangered? The wording is not clear what the scope of the problem could be.

AH,
Are you saying the same game has been played on the <30HP tractors, too? I've only heard and read about the very large agricultural tractors affected this way.

There's a lot I don't know about the tractors that could make a difference how JD is playing this.
What kind of engine ECU/emission control do they use?
What is its legal/environmental purpose?
What rules apply to the modification or protection of the ECU settings?
How do these rules change from country to country?
How elaborate is the GPS guidance package on these tractors?
Are other functions under computer control or safety lockout, such as implement operations, power take-off?
Does hacking one part (engine parameters) adversely affect other functions (guidance, implement safety, etc.)?

My first impression comes from my own experience playing around with CANBUS outputs from my own cars with a hand-held reader. This may or may not be applicable to the JD equipment situation. I'm not a tractor mechanic. My own tractor is much more similar to Alistair's - except from Japan not Czech.
I don't have enough knowledge of how modern large agricultural tractors work to understand how complex the software is, and what the consequences of altering the software could be.

All I know is that the farmers are PO'd and they believe that JD (and the dealers) have leveraged the situation for profit.

www.sparweb.ca

RE: Garrmin. Both terrible and hilarious.

Aside from precision farming, it's still basically an internal combustion engine driven vehicle, so I can't see how that would be different than taking your car to your favorite mechanic instead of the dealer to get a tuneup or an engine repair.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Garrmin. Both terrible and hilarious.

As a slight tangent, interestingly if one looks at the Nebraska Tractor tests, looks like tractor fuel efficiency is getting worse (certainly comparing my father's 3 farm tractors, MF135, MF265 and MF4235 it did) but that could be a reflection of the increase in the hydraulic system.

RE: Garrmin. Both terrible and hilarious.

(OP)
One claim is that JD rates the same motor in different tractors for different amounts of power and artificially limits the output to produce a different price point. Farmers say they have noted no difference in displacement or parts between such engines.

Other claims are that various sensors include authentication which means that if a sensor fails a replacement will not work until the system software is updated to accept the replacement. There also seems to be a purposeful effort to change how sensor software interfaces work so that a device expected to report the same data, such as a GPS receiver, on an old model can not function on a new one.

A prime example of this is a power management chip that Apple uses; after years of using a COTS chip, Apple ordered a custom version. It has the same electrical characteristics, but appears to use a different bus address. Apple has a no-compete contract with the supplier so the part is no longer available to anyone but Apple, despite producing the same outputs. Instead of $10 or so for the part, it's now time to put the motherboard into the grinder as Apple doesn't do board-level repairs, but will sell a replacement for $1500 or so, though any data that was not backed up also goes into the grinder because the data is custom encrypted with a key embedded in a security chip. Why the grinder? Prevents repair companies getting any other chips.

"For Deere and its dealerships, parts and services are three to six times more profitable than sales of original equipment, according to company filings." https://www.bloomberg.com/news/features/2020-03-05...

Apple's situation is a little different. They don't appear to make much, if any, profit on repairs; instead they are driving customers to full price replacements.

RE: Garrmin. Both terrible and hilarious.

In several areas of the country, farmers are working around this, by refusing to buy newer John Deere equipment. They are buying good used older equipment or refurbishing the equipment they have.
B.E.

You are judged not by what you know, but by what you can do.

RE: Garrmin. Both terrible and hilarious.

The one I hacked was a big one.
There is something in German law that forces OEM to provide spare parts and allows you to fix after warranty is up. Getting the interface wire to dock the computer was the worst issue. The farmer had most of the required stuff and it's now got German firmware on it. Which allows you to reset the servicing alerts and warnings. Which the original didn't. So if a fuel oil hydraulic filter bypass triggered the farmer can replace and reset and carry on within an hour. Instead of having to join the q for a fitter to come do it. It seems to be mostly hydraulic alerts.

There are still quite a few sites which you can get software but if I VPN over to US you can't get to them unless you use the IP address.

Don't have a clue about the small ones but remembered the discussion here. The purchase will be after I rebuild the barn so I haven't progressed very far with the research. John Deere seems to have very good deals including maint for 5 years. Almost too good. None of the locals will touch them. Everything is electronically controlled including the gear box. Spare parts are not easy either.

RE: Garrmin. Both terrible and hilarious.

This is NOT meant to be an endorsement... but I have been receiving [daily] SmartBrief on Cybersecurity newsletter for many months... the depth/width/diversity of cyber issues/attacks is eye-opening and mind-numbing... and starkly educational... experience is a cruel teacher!

Today's SmartBrief on current Cybersecurity [web version]…
https://www2.smartbrief.com/servlet/encodeServlet?...

Sign-up for a 'hairy ride into the blackness'...
https://www2.smartbrief.com/signupSystem/subscribe...

Regards, Wil Taylor
o Trust - But Verify!
o We believe to be true what we prefer to be true. [Unknown]
o For those who believe, no proof is required; for those who cannot believe, no proof is possible. [variation,Stuart Chase]
o Unfortunately, in science what You 'believe' is irrelevant. ["Orion", Homebuiltairplanes.com forum]

RE: Garrmin. Both terrible and hilarious.

Back to the Garmin issue.
Years ago I had a crew working for me finishing a large department store in a new mall.
At the other end of the mall was another large department store.
Both stores had smart point of sale terminals tied back to the main in-store computer, which in turn communicated with the mainframe in the head office.
If the dedicated telephone line went down, the connection with the main computer system went down and no credit sales could be processed by the competing store.
In our store, when the telephone line was lost, credit transactions were handled locally by a stored data base which was updated frequently.
Business as usual.
How serious would it be if a software update was a day late because of a communication problem?
Just use yesterday's data, stored locally.

Bill
--------------------
"Why not the best?"
Jimmy Carter

RE: Garrmin. Both terrible and hilarious.

Pretty serious, since there's no longer any facility for storing local data in many cases, especially data that might be the target of a hack. This is one reason there is only minimal credit card information located at or near a POS. Several previous hacks occurred because POS data was exfiltrated by hackers.

Likewise, as demonstrated in several recent outages, just-in-time inventory control requires data updates, otherwise, production stops or inventory runs out.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

RE: Garrmin. Both terrible and hilarious.

Not sure I want to read any more of that, Wil. Thanks for posting it anyway. Sleep well.

www.sparweb.ca
