Who’d have thought that ATMs would become an absolute headache for financial institutions closer to the retirement of Windows XP? It never happened before, and chances are that it probably will never happen again.

The dynamics at the start of last decade, when Windows XP launched were totally different.

Computing and processing power were still progressing at a rapid pace, and operating systems were getting bigger footprints each new version. Now, however things have stabilized, save for the fact that many Windows XP users are still to upgrade.

With 14 days remaining until end of support, the 12-year-old platform powers 95 percent of all ATMs.

And now a new report by security vendor Symantec says that hackers have already found ways to attack these machines with a combination of malware and hardware.

Admittedly, the only thing this report has got to do with Windows XP is that it will be soon be unsupported meaning the large install base on ATMs will not get security fixes — but this is actually a physical security problem.

So anyway, a malware based on Backdoor.Ploutus was used in by hackers to bypass protection systems and steam money from ATMs using just a simple text message that was submitted to an infected cash machine. Way to put people’s money at risk, but there you have it!

The procedure is rather complicated, but the success rate is very high, according to the Symantec expert. It involves attaching a mobile phone via USB to the ATM.

And it also begs the question why banks are running full featured operating systems on their ATMs, and why are USB ports enabled and accessible to the public. The real scary bit here is that with security fixes, an orphaned operating system like Windows XP could become even more vulnerable.

Symantec does state that protecting older machines that will still have Windows XP installed post retirement will be a lot more challenging. Much to ponder then for banks and financial institutions!

Related Posts

As Microsoft promised on Patch Tuesday, a new fix for Surface Pro 3 tablets has been rolled out,...

The long arms of the law? The European Commission is once again breathing on Google’s tail, and...

A gratifying moment for Microsoft, surely. The company has delivered on its promise of offering...

9 Comments
  1. Bill Franklin / March 25, 2014 at 2:30 pm /Reply

    Oh man, that’s scary! Update ATMs as quickly as possible if it’s this easy for hackers. It’s time to move on from XP.

  2. This hasn’t seemed like that big of an issue until Microsoft said they’re ending support for XP. I think there’s legitimacy to this, but in the end, it’s probably overblown.

  3. Appears to be relatively simple to steal money from the ATM if you know how to do it, but how often is this actually happening? Do we have any data to see if this has spiked recently?

  4. I’m sure they could find a way no matter what OS the ATM was running as long as they make it USB accessible. That being said, Microsoft should have made it cheap and easy to upgrade a long time ago

  5. I don’t find a USB port while using ATM. That means the thieves have to physically access the back of the ATM in order to put a phone there. If that is the case, why not simply take the cash away. It can be done but no one should be silly enough to insist getting cash from the front of ATM.

Leave a Reply