Editor's Blog and Industry Comments

ATM equipment could be left vulnerable after April

20 January, 2014
Withdrawal of support for Windows XP could leave up to 85% of ATM banking equipment vulnerable to hacking


With Microsoft's deadline of April 8th fast approaching, the software company's withdrawal of support for its 13-year-old operating system could cause mayhem in the banking community globally with as many as 85% of the installed base in the USA estimated to still be running the old version of the Windows operating system.



Lack of continued support means that Microsoft will no longer be closing security exposures or issuing patches to rectify bugs on XP. Knowing that so many users are still using XP will precipitate a flurry of activity amongst hackers trying to find previously undiscovered vulnerabilities. When they find them, it will be open season on all XP computers including banking equipment.



Commenting on the vulnerability of down-level ATMs, David Emm of Kaspersky Lab said: "If ATMs running Windows XP aren’t updated (or replaced), it leaves them open to attack by anyone who finds a vulnerability that they can exploit to subvert the operation of the machines. Effectively, any vulnerability identified after April becomes a permanent zero-day vulnerability for which there will be no patch."



The physical security of cash-issuing equipment makes it virtually impenetrable, and software vulnerabilities are practically the only means available to compromise it. With such large financial gains possible, there'll be no shortage of attempts.



The obvious answer might seem to be to upgrade the operating system, but there are two problems. Firstly, the software would need to be re-written to operate on the new OS since there's no guarantee of upward compatibility. Secondly, the hardware is often very old, so new computing hardware would need to be installed to cope with the extra workload of supporting a new OS.



The problem is huge. Only 15% of ATMs in the USA are estimated to be safe from the problem and this number drops to a staggeringly low 5% worldwide.



So is Microsoft leaving the world's banking community unprotected? Well, it's hard to be too critical of Microsoft since the withdrawal of support for XP was long since announced, leaving sufficient time for XP users to upgrade. David Emm shares this opinion, saying:



"I don’t think you can lay the blame at Microsoft’s feet. It’s more than 12 years since the launch of Windows XP; and at some point there has to come a time when any vendor decides that it’s no longer effective to try and patch it any more. You can only patch a favourite pair of trousers for so long – eventually the only viable solution is to buy a new pair!"



Read more insight into Microsoft's withdrawal of XP support in this article: "XP End of life could affect 20% of Windows users"

 





Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan.



 

