Garmin’s four-day outage reflects incompetence

A screenshot of Garmin's (@GarminUK) Twitter feed, which contains information and apology about the recent outage but no explanation about its origin or how long it might take to fix.
Garmin’s Twitter feed, Sunday evening (26th July)

Last Thursday when I started work, driving a truck for a flooring company, I attempted to connect my new Garmin sat-nav to get software updates. It told me it couldn’t connect to the update server. I assumed it was an issue with my mobile network and resolved to try again later. However, later that evening, the Garmin Express app on my home computer told me the same. I looked at Garmin’s Twitter feed and there was a pinned message that all of Garmin’s systems were down, including their update servers and their phone systems, which meant they could not offer telephone support either. Over the last few days, it has emerged that the outage is the result of a ransomware attack, in which a malware program encrypts the victim’s files and demands money for the key to decrypt them, by a Russian-based group which has attacked a number of other large companies and demanded millions of dollars each time. While it doesn’t affect the day-to-day running of my sat-nav, it does affect other devices, including smart watches and aircraft navigation units, which rely on connectivity with Garmin, and this has resulted in planes having to be grounded. As of Sunday evening, the Garmin Twitter feed only offers the notice of the outage and an apology, with no explanation nor any indication of how long the problem will take to resolve. (However, Garmin Express, the update system for sat-navs, seems to have come back online as of Sunday evening.)

The new sat-nav I tried to update last Thursday is my fifth Garmin sat-nav. I make a point of buying new devices in the £300-400 price bracket when they come out and reviewing them, sometimes sending them back if they are inadequate (which both TomTom units I bought were). I have been using Garmin devices for most of the time I have been driving trucks and they are the best on the market, which does not mean they are not sometimes frustrating to use. They have the best selection of features available; I don’t need a built-in TV (offered on some Snooper devices), though people might if they have to stay away several nights, but I do need hands-free phone use, which is inadequate on TomTom and absent from Snooper and Aguri; a few years ago, Garmin’s Dezl 780 dropped the feature without explanation. Oddly, the smaller 580 retained it; I reasoned that it was the result of the 780 having a new Android back end, so as to enable it to link to new American tachograph systems, but I had to file a report with Garmin to find out that the omission was by design. As I drive different trucks week to week, I need vehicle profiles and not just the ability to set the weight, height etc. for the specific journey, which is all TomTom’s devices offer. And I need it to be fast and responsive; TomTom’s truck navigators certainly aren’t.

That Garmin could fall victim to a scam like this is a very poor reflection on their competence, to say the least. Surely their data should have been backed up regularly, so that any malware attack could have been circumvented by simply restoring a backup from before the malware took hold. This kind of backup system is easily obtained and built into some operating systems (Mac OS, for example). Surely also their update repositories should have been mirrored on other servers around the world, as is the case with open-source software which can be downloaded from several servers in each country. Admittedly, organisations offer mirror services to open-source projects as a service to the community, but surely commercial organisations like Garmin could pay for space as well. It will need to be investigated how this malware became active on Garmin’s systems; according to Bleeping Computer, it is distributed using fake software update notifications issued by the attackers’ own JavaScript framework. The attacks take advantage of vulnerabilities in Windows, of course. It raises the question of why anyone is still using this operating system for mission-critical back-end use when there are much more secure alternatives available.

The new sat-nav (the Dezl LGV 700, which breaks with the old naming conventions), incidentally, is a moderate improvement on the old one. The new screen is great; the mapping is a lot more detailed than on the 580 which had only a 5in screen with poor resolution (poorer than on the 780). The voice command system has been redesigned and is somewhat simpler, with the old menu system removed (perhaps because it was deemed a distraction) and seems to offer less functionality. You can still use it for hands-free calling, but you have to know who you’re calling because it doesn’t offer call lists or a scrollable phone book (you can access this with the touch screen, though). The new system seems to have eliminated the ‘history’ voice command, which when used in front of an iPhone would cause it to wake up and activate Siri as it mistook the word for “hey Siri”, so you can now turn that feature on your phone back on. It takes a bit of hunting through the settings to get filling stations, parking and other points of interest to show on the maps, which they really should as standard. It also offers only two route suggestions, like the 580; previous 7in units offered three. Traffic news now comes through its Garmin Drive smartphone app; older devices had an antenna attached to the power lead, and the new service is more reliable but invariably uses your mobile data.

There are three devices in the new series, the 700, 800 and 1000, the numbers reflecting the size in inches of the screens, and the two larger units can be deployed vertically or horizontally (portrait or landscape); however, only the 700 is compatible with old mounting devices (this is not made clear in any of their sales material) and no new ones seem to have been produced to accommodate the bigger units’ new larger ball joint. This means that you might find you have nowhere to put your navigator if you buy one of the two larger units; it offers a screw-down and large suction mount on a rather awkward and inflexible mounting arm, as well as a ‘male’ ball joint connector to attach to third-party devices (not the same as the ‘female’ ball-joint connector that is on the 700 and other smaller Garmin units). So, the 700 is the only consumer unit here; the 800 and 1000 are for installation on specific vehicles, most likely by the owner. This is a shame as I would have liked to have had the extra information on screen that a larger screen offered. All in all, it’s a good upgrade, but despite appearances, it’s not that radical a departure from the old devices. If you want a decent-sized unit with hands-free phone access, though, this one is for you.

