Hackers Can Break Into A Windows XP ATM Via A Simple SMS

Who’d have thought that ATMs would become an absolute headache for financial institutions closer to the retirement of Windows XP? It never happened before, and chances are that it probably will never happen again.

The dynamics at the start of last decade, when Windows XP launched were totally different.

Computing and processing power were still progressing at a rapid pace, and operating systems were getting bigger footprints each new version. Now, however things have stabilized, save for the fact that many Windows XP users are still to upgrade.

With 14 days remaining until end of support, the 12-year-old platform powers 95 percent of all ATMs.

And now a new report by security vendor Symantec says that hackers have already found ways to attack these machines with a combination of malware and hardware.

Admittedly, the only thing this report has got to do with Windows XP is that it will be soon be unsupported meaning the large install base on ATMs will not get security fixes — but this is actually a physical security problem.

So anyway, a malware based on Backdoor.Ploutus was used in by hackers to bypass protection systems and steam money from ATMs using just a simple text message that was submitted to an infected cash machine. Way to put people’s money at risk, but there you have it!

The procedure is rather complicated, but the success rate is very high, according to the Symantec expert. It involves attaching a mobile phone via USB to the ATM.

And it also begs the question why banks are running full featured operating systems on their ATMs, and why are USB ports enabled and accessible to the public. The real scary bit here is that with security fixes, an orphaned operating system like Windows XP could become even more vulnerable.

Symantec does state that protecting older machines that will still have Windows XP installed post retirement will be a lot more challenging. Much to ponder then for banks and financial institutions!

Please Leave Your Comments Below...

  • Bill Franklin

    Oh man, that’s scary! Update ATMs as quickly as possible if it’s this easy for hackers. It’s time to move on from XP.

  • Ted Smith

    This hasn’t seemed like that big of an issue until Microsoft said they’re ending support for XP. I think there’s legitimacy to this, but in the end, it’s probably overblown.

  • Emily W

    Appears to be relatively simple to steal money from the ATM if you know how to do it, but how often is this actually happening? Do we have any data to see if this has spiked recently?

    • Rodney Longoria

      Just Bing what happened a few years ago in NYC’s ATM’s. That was massive!

  • Ray C

    I’m sure they could find a way no matter what OS the ATM was running as long as they make it USB accessible. That being said, Microsoft should have made it cheap and easy to upgrade a long time ago

  • WillyThePooh

    I don’t find a USB port while using ATM. That means the thieves have to physically access the back of the ATM in order to put a phone there. If that is the case, why not simply take the cash away. It can be done but no one should be silly enough to insist getting cash from the front of ATM.

    • Arseny Mikhaylov

      trying to remove the money cartage (without proper equipment) will lead to a paintball exploding inside it and voiding all of the money inside
      so getting it out by sending a text message is a valid option

      • http://www.learnabouttheweb.com/ Onuora Amobi

        So that’s really scary that you know that.

        LOL

      • WillyThePooh

        My friend who services ATM said there’s no paintballs in ATM. Who told you about the paintball in ATM?