Frightening: Most ATM Machines Still Running Windows XP

Frightening: Most ATM Machines Still Running Windows XP

When at a bank machine, making a deposit or taking cash out, it's easy to overlook the finer details of what's going on in the background. Such as, what operating system it's running. Unless you walked up to a machine that had a blue-screen-of-death present, would you have guessed that it was running Windows? According to statistics, there's a 95% chance that it is. What's more, it's almost certain that it's Windows XP.

As we've talked much about here, the support deadline for Windows XP is nearing fast, still set for April 8th, 2014. For end-users, this is an obvious problem - no one likes using an unsupported OS. And while Microsoft is doing a good deed in extending anti-malware support for the OS until July 2015, that means little if a severe OS vulnerability is discovered.


Credit: duncan / Flickr

If that's the reality for regular consumers, take into consideration the fact that these same potential issues would be present in over 400,000 ATMs across the US, and no doubt millions more across the globe. It's not just money being held behind this soon-to-be-weakened barrier, it's our money.

Of course, just because an unsupported OS is used, it doesn't mean that a hacker would be able to walk up to a machine and withdrawal our life savings, but imagine an exploit that can spread across a network and effectively lock-up thousands or even hundreds of thousands of ATMs. That might seem like a stretch, but anything is possible.

Fixing this issue is going to happen slowly. Microsoft is offering customized support contracts to companies that opt for it, but that's an expensive endeavor, and all it does is prolong the inevitable. It's being estimated that about 15% of Windows XP ATMs will be updated to Windows 7 by the April deadline, which really goes to show how slow these companies are in getting things done. The deadline for Windows XP has been known about for a good while, so it seems almost inexcusable that all of the nation's ATMs are not updated by this point.


ATMs running Windows XP CE are supported until 2016

A leading vendor, Diebold, states that ATMs will continue to work fine even if not updated, but that much should be obvious. But if you'll recall, Diebold is the company that was responsible for inaccurate voting machines during the 2004 US election, so I'm not sure how much faith I'd put in its wisdom or product security.

Regardless of how slow this rollout is, or what the true risk is, let's hope this story doesn't need to be followed-up to with one that confirms our fears.

0
+ -

If it ain't broke don't fix it

+1
+ -

Extending anti-malware support means little when it's the last anti-malware you should be using.

Current predictions call for a frenzy of hacks using zero-day exploits that are being stockpiled for the day when security patches are officially stopped.

People have already exploited these Windows ATMs.  Recently even:  http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows

0
+ -

Wonder if they will update them since Microsoft is going to discontinue updates for XP

0
+ -

Its better then vista

0
+ -

..... WHAT?! i always assumed they ran on their own OS

+1
+ -

Switch to LINUX !

0
+ -

It's quite the workhorse. Even if it is old it works fine for that.

0
+ -

Given the dot-matrix style of most ATMs I've seen, I would have presumed DOS.

0
+ -

Automatic Teller Machine machines?

0
+ -

^ this. Missed that.

0
+ -

Well hopefully the ATM machines running XP are on their own private network segmented off from the actual bank computers with no internet access. Much like the ones from 10-15 years ago which were running DOS/Win3.x or OS/2 were.

0
+ -

Not so surprising. I think it was about 10-12 years ago and I was using InsPASS at LAX to skip the immigration line. The machine was down, but the immigration officer came by to reboot. As I watched it, there it was - Windows 3.11 booting up. Unbelievable. Presumably they have upgraded to at least XP.

Login or Register to Comment
Post a Comment
Username:   Password: