Who’d have thought that ATMs would become an absolute headache for financial institutions closer to the retirement of Windows XP? It never happened before, and chances are that it probably will never happen again.
The dynamics at the start of the last decade, when Windows XP launched, were totally different.
Computing and processing power were still progressing at a rapid pace, and operating systems were getting bigger footprints with each new version. Now, however, things have stabilized, save for the fact that many Windows XP users have yet to upgrade.
With 14 days remaining until end of support, the 12-year-old platform powers 95 percent of all ATMs.
And now a new report by security vendor Symantec says that hackers have already found ways to attack these machines with a combination of malware and hardware.
Admittedly, the only thing this report has got to do with Windows XP is that it will soon be unsupported, meaning the large install base on ATMs will not get security fixes — but this is actually a physical security problem.
So anyway, malware based on Backdoor.Ploutus was used by hackers to bypass protection systems and steal money from ATMs using just a simple text message sent to an infected cash machine. Way to put people’s money at risk, but there you have it!
The procedure is rather complicated, but the success rate is very high, according to the Symantec expert. It involves attaching a mobile phone via USB to the ATM.
And it also raises the question of why banks are running full-featured operating systems on their ATMs, and why USB ports are enabled and accessible to the public. The real scary bit here is that without security fixes, an orphaned operating system like Windows XP could become even more vulnerable.
Symantec does state that protecting older machines that will still have Windows XP installed post retirement will be a lot more challenging. Much to ponder then for banks and financial institutions!