When at a bank machine, making a deposit or taking cash out, it’s easy to overlook the finer details of what’s going on in the background, such as what operating system it’s running. Unless you walked up to a machine that had a blue-screen-of-death present, would you have guessed that it was running Windows? According to statistics, there’s a 95% chance that it is. What’s more, it’s almost certain that it’s Windows XP.
As we’ve talked much about here, the support deadline for Windows XP is nearing fast, still set for April 8th, 2014. For end-users, this is an obvious problem. No one likes using an unsupported OS. And while Microsoft is doing a good deed in extending anti-malware support for the OS until July 2015, that means little if a severe OS vulnerability is discovered.
If that’s the reality for regular consumers, take into consideration the fact that these same potential issues would be present in over 400,000 ATMs across the US, and no doubt millions more across the globe. It’s not just money being held behind this soon-to-be-weakened barrier, it’s our money.
Of course, just because an unsupported OS is used, it doesn’t mean that a hacker would be able to walk up to a machine and withdraw our life savings, but imagine an exploit that can spread across a network and effectively lock up thousands or even hundreds of thousands of ATMs. That might seem like a stretch, but anything is possible. There has been a group in Europe that has done this and walked off with millions of pounds/euros.
Fixing this issue is going to happen slowly. Microsoft is offering customized support contracts to companies that opt for it, but that’s an expensive endeavor, and all it does is prolong the inevitable. It’s being estimated that about 15% of Windows XP ATMs will be updated to Windows 7 by the April deadline, which really goes to show how slow these companies are in getting things done. The deadline for Windows XP has been known about for a good while, so it seems almost inexcusable that all of the nation’s ATMs are not updated by this point.
A leading vendor, Diebold, states that ATMs will continue to work fine even if not updated, but that much should be obvious. But Diebold is also the company that was responsible for inaccurate voting machines during the 2004 US election, so I’m not sure how much faith I’d put in its wisdom or product security.
Diebold has also created “Operation 411”, which teaches about the importance of upgrading ATM hardware and software.