Banks To Owe Microsoft Big Time For Securing ATMs Running Windows XP
We've been talking about the demise of Windows XP for what seems like forever, but at the turn of the new year, a new reality came to face: Most of the world's ATMs are still running the OS. Given the fact that Windows XP's been on life-support for some time, it's unbelievable that so many banks still haven't updated their ATMs - it's totally unnecessary.
Banks still running Windows XP in their ATMs have the benefit of being able to get special support contracts with Microsoft, and while the Redmond company is keeping mum on the actual costs, they're going to be much more than a standard contract. With this, the lagging behavior of these banks is even sillier, since instead of paying Microsoft more for a special support contract, that money could have gone towards upgrading these ATMs.
According to the Chicago Tribune, Britain's biggest banks face costs of about $100m USD in order to upgrade their entire fleet of ATMs. It's believed that some banks have held off on purpose, in order to add new features to new or revamped ATMs. Even so, you'd have to imagine that this could have all been completed ages ago.
Many ATMs run an embedded version of XP called "CE", and that OS continues to be supported until 2016. However, based on this talk of increased support contract costs, we're led to believe that many ATMs are not running that special flavor.
Doug Johnson, the VP for Risk Management Policy at the American Bankers Association, tells of one major thing that works to the favor of all banks still on XP: "One thing in our favor is that XP is battle-hardened. People will benefit from years of fine-tuning of XP...It has been through wars."
If there's an upside to all of this, that's it.
Editor's Note: The late, great Barnaby Jack, Security expert and 'hacktivist" spoke of how remarkably vulnerable ATMs are back at the Black Hat conference in 2010. It's almost mandatory viewing if you want to learn a few things about connected device security. The video below covers the majority of his presentation on "Jackpotting" an ATM machine.