Garrmin. Both terrible and hilarious. 1

[3DDave]

Apparently Garmin is suffering from a cyberattack. Which means that anything they made that depends on contacting the company servers can't function correctly. Which means the smart watch fitness tracking. And also means the aircraft navigational aids.

https://www.infosecurity-magazine.com/news/garmin-outage-could-ground/

Bad for the pilots, but funny for the fitness guys.

 

[waross]

A John Deere rep told me a few years ago that when the check engine light comes on on a JD, the full information shows up simultaneously on the dealer's computer.
In extreme cases such as several payments behind, the dealer can disable a JD tractor.
The next time I see my favorite mechanic I'll ask if anything has changed in the last year or so.

[link ]Bill[/url]
--------------------
"Why not the best?"
Jimmy Carter

 

[hpaircraft]

...I quickly discovered that flying is a rich man's hobby...

You misspelled "resourceful."

 

[Sparweb]

I haven't kept up with the John Deere issue so I'm not sure if they still do that. I can't find any current news articles about hacking JD's, so either the affected farmers have switched to other equipment manufacturers, or JD backed off.
Last updated 2018:

https://tractorhacking.github.io/

"Software modifications increase the risk that equipment will not function as designed," the company continued. "As a result, allowing unqualified individuals to modify equipment software can endanger machine performance, in addition to Deere customers, dealers and others, resulting in equipment that no longer complies with industry and safety/environmental regulations."

No, it doesn't really pass the smell test. But only because their statements don't actually tell you anything. Do they imply that customer safety would be endangered? The wording is not clear what the scope of the problem could be.

AH,
Are you saying the same game has been played on the <30HP tractors, too? I've only heard and read about the very large agricultural tractors affected this way.

There's a lot I don't know about the tractors that could make a difference how JD is playing this.
What kind of engine ECU/emission control do they use?
What is its legal/environmental purpose?
What rules apply to the modification or protection of the ECU settings?
How do these rules change from country to country?
How elaborate is the GPS guidance package on these tractors?
Are other functions under computer control or safety lockout, such as implement operations, power take-off?
Does hacking one part (engine parameters) adversely affect other functions (guidance, implement safety, etc.)?

My first impression comes from my own experience playing around with CANBUS outputs from my own cars with a hand-held reader. This may or may not be applicable to the JD equipment situation. I'm not a tractor mechanic. My own tractor is much more similar to Alistair's - except from Japan not Czech.
I don't have enough knowledge of how modern large agricultural tractors work to understand how complex the software is, and what the consequences of altering the software could be.

All I know is that the farmers are PO'd and they believe that JD (and the dealers) have leveraged the situation for profit.

http://www.sparweb.ca

 

[IRstuff]

Aside from precision farming, it's still basically an internal combustion engine driven vehicle, so I can't see how that would be different than taking your car to your favorite mechanic instead of the dealer to get a tuneup or an engine repair.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert!

https://www.youtube.com/watch?v=BKorP55Aqvg

faq731-376 forum1529 Entire Forum list

http://www.eng-tips.com/forumlist.cfm

 

[verymadmac]

As a slight tangent, interestingly if one looks at the Nebraska Tractor tests, looks like tractor fuel efficiently is getting worse (certainly comparing my fathers 3 farm tractors, MF135, MF265 and MF4235 it did) but that could be a reflection of the increase in the hydraulic system.

 

[3DDave]

One claim is that JD rates the same motor in different tractors for different amounts of power and artificially limits the output to produce a different price point. Farmers say they have noted no difference in displacement or parts between such engines.

Other claims are that various sensors include authentication which means that if a sensor fails a replacement will not work until the system software is updated to accept the replacement. There also seems to be a purposeful effort to change how sensor software interfaces work so that a device expected to report the same data, such as a GPS receiver, on an old model can not function on a new one.

A prime example of this is a power management chip that Apple uses; after years of using a COTS chip, Apple ordered a custom version. It has the same electrical characteristics, but appears to use a different buss address. Apple has a no-compete contract with the supplier so the part is no longer available to anyone but Apple, despite producing the same outputs. Instead of $10 or so for the part, it's now time to put the motherboard into the grinder as Apple doesn't do board-level repairs, but will sell a replacement for $1500 or so, though any data that was not backed up also goes into the grinder because the data is custom encrypted with a key embedded in a security chip. Why the grinder? Prevents repair companies getting any other chips.

"For Deere and its dealerships, parts and services are three to six times more profitable than sales of original equipment, according to company filings."

https://www.bloomberg.com/news/feat...deere-over-who-gets-to-fix-an-800-000-tractor

Apple's situation is a little different. They don't appear to make much, if any, profit on repairs; instead they are driving customers to full price replacements.

 

[berkshire]

In several areas of the country, farmers are working around this, by refusing to buy newer John Deere equipment. They are buying good used older equipment or refurbishing the equipment they have.
B.E.

You are judged not by what you know, but by what you can do.

 

[Alistair_Heaton]

The one I hacked was a big one.
There is something in German law that forces OEM to provide spare parts and allows you to fix after warranty is up. Getting the interface wire to dock the computer was the worst issue. The farmer had most orequired stuff and it's now got German firmware on it. Which allows you to reset the servicing alerts and warnings. Which the original didn't. So if a fuel oil hydraulic filter bypass triggered the farmer can replace and reset and carry on within an hour. Instead of having to join the q for a fitter to come do it. It seems to be mostly hydraulic alerts.

There are still quite a few sitess which you can get software but if I VPN over to us you can't get to them unless you use the IP address.

Don't have a clue about the small ones but remembered the discussion here. The purchase will be after I rebuild the barn so I haven't progressed very far with the research. John feer seems to have very good deals including maint for 5 years. Almost too good. None of the locals will touch them. Everything is electronically controlled including the gear box. Spare parts are not easy either.

 

[WKTaylor]

This is NOT meant to be an endorsement... but I have been receiving [daily] SmartBrief on Cybersecurity newsletter for many months... the depth/width/diversity of cyber issues/attacks is eye-opening and mind-numbing... and starkly educational... experience is a cruel teacher!

Todays SmartBrief on current Cybersecurity [web version]…

https://www2.smartbrief.com/servlet...80F7&sid=188203b5-d3b3-4087-8236-0c93ca863ad0

Sign-up for a 'hairy ride into the blackness'...

https://www2.smartbrief.com/signupSystem/subscribe.action?pageSequence=1&briefName=cyber

Regards, Wil Taylor
o Trust - But Verify!
o We believe to be true what we prefer to be true. [Unknown]
o For those who believe, no proof is required; for those who cannot believe, no proof is possible. [variation,Stuart Chase]
o Unfortunately, in science what You 'believe' is irrelevant. ["Orion", Homebuiltairplanes.com forum]

 

[waross]

Back to the Garmin issue.
Years ago I had a crew working for me finishing a large department store in a new mall.
At the other end of the mall was another large department store.
Both stores had smart point of sale terminals tied back to the main in-store computer, which in turn communicated with the mainframe in the head office.
If the dedicated telephone line went down, the connection with the main computer system went down and no credit sales could be processed by the competing store.
In our store, when the telephone line was lost, credit transactions were handled locally by a stored data base which was updated frequently.
Business as usual.
How serious would it be if a software update was a day late because of a communication problem.
Just use yesterday's data, stored locally.


Bill
--------------------
"Why not the best?"
Jimmy Carter

 

[IRstuff]

Pretty serious, since there's no longer any facility for storing local data in many cases, especially data that might be the target of a hack. This is one reason there is only minimal credit card information located at or near a POS. Several previous hacks occurred because POS data was exfiltrated by hackers.

Likewise, as demonstrated in several recent outages, just-in-time inventory control requires data updates, otherwise, production stops or inventory runs out.



TTFN (ta ta for now)
I can do absolutely anything. I'm an expert!

https://www.youtube.com/watch?v=BKorP55Aqvg

faq731-376 forum1529 Entire Forum list

http://www.eng-tips.com/forumlist.cfm

 

[Sparweb]

Not sure I want to read any more of that, Wil. Thanks for posting it anyway. Sleep well.

http://www.sparweb.ca