Jump to content

Recommended Posts

Posted

The Vast Majority Of Bank ATMs Will Be Suddenly Vulnerable To Hackers On April 8

On April 8, Microsoft will end its support for Windows XP, leaving up to 95% of bank ATM machines vulnerable to hackers.

Machines running outdated operating systems, unbacked by corporate security updates, are the easiest types of computers to hack. And most ATMs run Windows XP.

Microsoft is expecting hackers to go to work on machines running XP as soon as the April 8 deadline passes: “The probability of attackers using security updates for Windows 7, Windows 8, Windows Vista to attack Windows XP is about 100 per cent,” Timothy Rains, Microsoft’s director of trustworthy computing, said recently.

Windows XP was originally launched in 2001 and is widely regarded as the best version of Windows ever. Just under 40% of PC users still run Windows XP on their desktops. Microsoft is trying to force all those users to upgrade to newer, more secure versions of Windows. The company originally tried to migrate everyone off XP back in 2007, but people liked it so much many refused to upgrade. So Microsoft begrudgingly kept up support for XP for seven more years.

Now, Microsoft is finally pulling the plug, and bank ATMs still running XP are about to become Target No.1 for hackers.

The world of bank ATMs moves even more slowly than personal computer users. NCR estimates that up to 95% of ATMs run XP, and that only a third of them will have been converted to new systems by April 8.

Many banks are paying Microsoft to extend support for XP on cash machines while they make the switch to Windows 7, according to Reuters.

More here - finance.yahoo

  • Like 1
Posted

I saw this on one of the television news channels and have to admit it doesn't make any sense to me.

I'm quite sure ATM machines are not connected to the internet or any other publicly accessible network. So in order for a potential hacker/attacker to take advantage of a vulnerability in the operating system of an ATM machine they would first have to gain access to a financial institutions private network which most certainly doesn't run on Windows XP.

Or am I missing something?

Posted

well so on a defcon, a hacker that accessing the machine PC, could just inserting a preloaded usb key, reset the PC, and make him start to spit money out.

Posted

Clear as mud to me. Please explain how Windows XP, a personal OP PC system, works on an ATM? Is it similar to connecting to an Internet account on a PC?

  • Like 1
Posted

I saw this on one of the television news channels and have to admit it doesn't make any sense to me.

I'm quite sure ATM machines are not connected to the internet or any other publicly accessible network. So in order for a potential hacker/attacker to take advantage of a vulnerability in the operating system of an ATM machine they would first have to gain access to a financial institutions private network which most certainly doesn't run on Windows XP.

Or am I missing something?

Afraid so.

While network traffic to and from those machines will be heavily encrypted, they are on a network and that would be "the internet", i.e. run through the same cables. It's called a VPN (virtual private network).

Banks are not in the business of digging for their own cables. Might be different for short connections between server plants, but not for keeping every single ATM in a country on a live connection, which those obviously need.

So there is the possibility to reach a machines network adapter and insert some malformed code to breach through whatever firewall these machines might have, quite like on a normal computer. Ask the NSA for specifics.

There was one very interesting case in Europe where criminals had obviously had access to one make of ATM (probably ripped it of the wall) and knew exactly where the connectors on the standard PC mainboard lay. So they cut a wee hole in the site of operating ATM to insert a USB-Stick that changed the operating system on the thing, and skillfully shut that hole. They could now, by typing a long passphrase individual for each infected machine on the num-pad, go into a special user interface and make unlimited withdrawals without the machine logging them, and then reset the thing to normal operation.

Was even a nice user-friendly interface with an option to erase the whole trojan.

Posted

Clear as mud to me. Please explain how Windows XP, a personal OP PC system, works on an ATM? Is it similar to connecting to an Internet account on a PC?

Because for cost-effectiveness they didn't make up their own embedded system or special hardware. An ATM is basically a normal over-the-counter PC in a big sturdy box with money-telling slot and machinery or what you might call it.

It's all normal PC stuff: a motherboard, ethernet adapter, graphic-chip, harddrive. On the rare occasions the things crash you can see your well-accustomed XP-desktop or bluescreen-of-death.

  • Like 1
Posted

Microsoft have already said they will support embedded XP (in ATMs and POS systems etc) until 2016 - and unofficially (slightly - it was official letter leaked) in China for XP consumers because the Win 7 uptake is almost non existent.

Posted

Say thank you Microsoft.I will stop using ATM machines til they change XP.I have to throw away my perfectly good computer.

I'm going to chrome.I'm done with Microsoft products.

Posted

Say thank you Microsoft.I will stop using ATM machines til they change XP.I have to throw away my perfectly good computer.

I'm going to chrome.I'm done with Microsoft products.

You don't have to throw away your computer. You can continue using it and rely on firewall software if that's what you want. XP is not going to stop. It is just not going to be supported by MS>

Posted

Yawn - sounds pretty much like all the pre-1999 (Y2K) hype.

"HURRY ! Buy our product NOW or airplanes will start falling from the skies, pacemakers will explode in you chest and we'll all be back in the Stone Age come 1 Jan 2000 ! Hurry and buy our guaranteed upgrade before it's too late !"

So much frikken BS hype that people like myself (and others in uniform) spent New Years Eve 1999 manning emergency response centers "just in case". Some software companies made a bundle selling useless upgrades for a problem the computing industry knew existed literally from the day the first PCs and OSs were sold (banks knew about the "00" date issue as far back as 1975 when they were amortizing 25 year mortgages).

Now what we have is MS in a bind because nobody likes their "new and improved" OS and, surprise-surprise, hardly ANYONE wants their computer to look/act like their frikken phone. The only way they can get people to buy the new system (so they can try to recoup all those wasted development costs) is to stop supporting older, more popular versions of their software.

It is unlikely that just because MS stops supporting the software on 8 Apr that hackers are lining up with hacks that for some reason will suddenly work that same day. And I'll bet a lot of companies are balking at upgrading to Windows 7 when 8 is out and 9 is coming soon. But that's a part of the whole marketing plan. Just like it is with PCs themselves.

Not long after I bought my first 286 they came out with a 386 chip. It was all the "rage" and soon all new software and games would only work on that chip, not the "slightly" older 286. I resisted upgrading mainly because I'd just read an article mentioning that the 486 "Pentium" chip was already in mass production, and "they" had a 586 chip ready to go once the sales of 486 chip equipped machines started to sag.

And that lit a very large light bulb. They had the more advanced tech ready to go, but deliberately held it back until sales of the older tech had slowed down to a certain degree, indicating that the majority of the consumers had upgraded to that level already. Then they bring out the newer chip so everyone is forced to upgrade again, sometimes barely months after just having upgraded previously !

MS is pretty much doing the same. Bring out a new OS when they see the sales of previous versions is slowing down. Write the OS so that most older programs are no longer compatible (meaning software developers have to redo their programs to be compatible, which means you have to buy the new OS in order to keep running the upgraded versions of software you already have and was working fine before). If Win 9 is shipping now, then they probably have Win 10 queued up in the production lines and Win 11 is probably getting it's pre-production QA checks and final polishing.

If financial institutes are reluctant to upgrade to newer versions of Windows, MS has no one to blame but itself, for continuously releasing such buggy versions of it's software that they require constant patching and upgrades to keep them going. Banks do not want to have to be upgrading the software in their huge ATM chains every week (or more often) and risking their machines crashing frequently (which would of course drive customers to use other bank's ATMs). Not to mention that every frikken new version of the OS that comes out would require them to buy 10s of thousands of new licences.

Unfortunately, until someone comes out with a better system (no, not Linux), one that is better in every way than windoze and easy for people to switch over to, we are stuck with what we have.

  • Like 1
Posted

Yawn - sounds pretty much like all the pre-1999 (Y2K) hype.

"HURRY ! Buy our product NOW or airplanes will start falling from the skies, pacemakers will explode in you chest and we'll all be back in the Stone Age come 1 Jan 2000 ! Hurry and buy our guaranteed upgrade before it's too late !"

So much frikken BS hype that people like myself (and others in uniform) spent New Years Eve 1999 manning emergency response centers "just in case". Some software companies made a bundle selling useless upgrades for a problem the computing industry knew existed literally from the day the first PCs and OSs were sold (banks knew about the "00" date issue as far back as 1975 when they were amortizing 25 year mortgages).

Now what we have is MS in a bind because nobody likes their "new and improved" OS and, surprise-surprise, hardly ANYONE wants their computer to look/act like their frikken phone. The only way they can get people to buy the new system (so they can try to recoup all those wasted development costs) is to stop supporting older, more popular versions of their software.

It is unlikely that just because MS stops supporting the software on 8 Apr that hackers are lining up with hacks that for some reason will suddenly work that same day. And I'll bet a lot of companies are balking at upgrading to Windows 7 when 8 is out and 9 is coming soon. But that's a part of the whole marketing plan. Just like it is with PCs themselves.

Not long after I bought my first 286 they came out with a 386 chip. It was all the "rage" and soon all new software and games would only work on that chip, not the "slightly" older 286. I resisted upgrading mainly because I'd just read an article mentioning that the 486 "Pentium" chip was already in mass production, and "they" had a 586 chip ready to go once the sales of 486 chip equipped machines started to sag.

And that lit a very large light bulb. They had the more advanced tech ready to go, but deliberately held it back until sales of the older tech had slowed down to a certain degree, indicating that the majority of the consumers had upgraded to that level already. Then they bring out the newer chip so everyone is forced to upgrade again, sometimes barely months after just having upgraded previously !

MS is pretty much doing the same. Bring out a new OS when they see the sales of previous versions is slowing down. Write the OS so that most older programs are no longer compatible (meaning software developers have to redo their programs to be compatible, which means you have to buy the new OS in order to keep running the upgraded versions of software you already have and was working fine before). If Win 9 is shipping now, then they probably have Win 10 queued up in the production lines and Win 11 is probably getting it's pre-production QA checks and final polishing.

If financial institutes are reluctant to upgrade to newer versions of Windows, MS has no one to blame but itself, for continuously releasing such buggy versions of it's software that they require constant patching and upgrades to keep them going. Banks do not want to have to be upgrading the software in their huge ATM chains every week (or more often) and risking their machines crashing frequently (which would of course drive customers to use other bank's ATMs). Not to mention that every frikken new version of the OS that comes out would require them to buy 10s of thousands of new licences.

Unfortunately, until someone comes out with a better system (no, not Linux), one that is better in every way than windoze and easy for people to switch over to, we are stuck with what we have.

Ah.....those were the days. I still remember when I asked the computer shop to upgrade my new 386 to 1 meg of memory from the standard 640k. The guy asked my why the hell I wanted a "super computer" with so much RAM.

Posted

Ah.....those were the days. I still remember when I asked the computer shop to upgrade my new 386 to 1 meg of memory from the standard 640k. The guy asked my why the hell I wanted a "super computer" with so much RAM.

Getting "Ultima V" to run springs to mind. Along with installing a Creative Soundblaster 1st generation yourself ...

Posted

"...only a third of them will have been converted to new systems by April 8."

Anyone know who these banks are?

Just look for this logo on the ATM:

Apple_gray_logo-300x300.png

That's it, I'm taking my money out and putting it in my pillow case.

Posted

ATM's are closed systems and completely isolated from the Internet and other sources that could insinuate themselves onto the operating system.

They absolutely will not be getting any viruses.

There's a podcast at Grc.com that covers this whole issue.

Sent from my iPhone using Thaivisa Connect Thailand

Posted

Hackers my arse they have to hack the banks com The workings of Atm;;;;>atm1.gif

Countless times I've seen the computer and modem been left outside the ATM box itself, running happily on the floor next to it with the service guy gone who knows where. All you need to do is plug in a usb stick and reset.

Posted
Gsxrnz, on 20 Mar 2014 - 09:56, said:
Kerryd, on 20 Mar 2014 - 09:44, said:

Yawn - sounds pretty much like all the pre-1999 (Y2K) hype.

"HURRY ! Buy our product NOW or airplanes will start falling from the skies, pacemakers will explode in you chest and we'll all be back in the Stone Age come 1 Jan 2000 ! Hurry and buy our guaranteed upgrade before it's too late !"

So much frikken BS hype that people like myself (and others in uniform) spent New Years Eve 1999 manning emergency response centers "just in case". Some software companies made a bundle selling useless upgrades for a problem the computing industry knew existed literally from the day the first PCs and OSs were sold (banks knew about the "00" date issue as far back as 1975 when they were amortizing 25 year mortgages).

Now what we have is MS in a bind because nobody likes their "new and improved" OS and, surprise-surprise, hardly ANYONE wants their computer to look/act like their frikken phone. The only way they can get people to buy the new system (so they can try to recoup all those wasted development costs) is to stop supporting older, more popular versions of their software.

It is unlikely that just because MS stops supporting the software on 8 Apr that hackers are lining up with hacks that for some reason will suddenly work that same day. And I'll bet a lot of companies are balking at upgrading to Windows 7 when 8 is out and 9 is coming soon. But that's a part of the whole marketing plan. Just like it is with PCs themselves.

Not long after I bought my first 286 they came out with a 386 chip. It was all the "rage" and soon all new software and games would only work on that chip, not the "slightly" older 286. I resisted upgrading mainly because I'd just read an article mentioning that the 486 "Pentium" chip was already in mass production, and "they" had a 586 chip ready to go once the sales of 486 chip equipped machines started to sag.

And that lit a very large light bulb. They had the more advanced tech ready to go, but deliberately held it back until sales of the older tech had slowed down to a certain degree, indicating that the majority of the consumers had upgraded to that level already. Then they bring out the newer chip so everyone is forced to upgrade again, sometimes barely months after just having upgraded previously !

MS is pretty much doing the same. Bring out a new OS when they see the sales of previous versions is slowing down. Write the OS so that most older programs are no longer compatible (meaning software developers have to redo their programs to be compatible, which means you have to buy the new OS in order to keep running the upgraded versions of software you already have and was working fine before). If Win 9 is shipping now, then they probably have Win 10 queued up in the production lines and Win 11 is probably getting it's pre-production QA checks and final polishing.

If financial institutes are reluctant to upgrade to newer versions of Windows, MS has no one to blame but itself, for continuously releasing such buggy versions of it's software that they require constant patching and upgrades to keep them going. Banks do not want to have to be upgrading the software in their huge ATM chains every week (or more often) and risking their machines crashing frequently (which would of course drive customers to use other bank's ATMs). Not to mention that every frikken new version of the OS that comes out would require them to buy 10s of thousands of new licences.

Unfortunately, until someone comes out with a better system (no, not Linux), one that is better in every way than windoze and easy for people to switch over to, we are stuck with what we have.

Ah.....those were the days. I still remember when I asked the computer shop to upgrade my new 386 to 1 meg of memory from the standard 640k. The guy asked my why the hell I wanted a "super computer" with so much RAM.

Ah, we do go back a long way, I can remember wanting to upgrade my 386SX, from 1MB to 2MB of memory, it would cost $100/MB and I had to remove the existing chips then repopulate the motherboard, my current PC has 16GB of memory, which using $100/MB my PC has the equivalent of $1,600,000 worth of memory never mind the CPU, graphics cards etc.

Posted
MrWorldwide, on 20 Mar 2014 - 10:46, said:
rickirs, on 20 Mar 2014 - 10:22, said:

"...only a third of them will have been converted to new systems by April 8."

Anyone know who these banks are?

Just look for this logo on the ATM:

Apple_gray_logo-300x300.png

Or more likely this

post-147324-0-67544900-1395292675.jpg

  • Like 1
Posted

Hackers my arse they have to hack the banks com The workings of Atm;;;;>atm1.gif

Countless times I've seen the computer and modem been left outside the ATM box itself, running happily on the floor next to it with the service guy gone who knows where. All you need to do is plug in a usb stick and reset.
"Countless times..."? Never seen this myself. Sorry to be rude but I am more than a little sceptical.
Posted

ATM's are closed systems and completely isolated from the Internet and other sources that could insinuate themselves onto the operating system.

They absolutely will not be getting any viruses.

There's a podcast at Grc.com that covers this whole issue.

Sent from my iPhone using Thaivisa Connect Thailand

Isolated? So how do you suppose they obtain authorisation from your bank for your withdrawal? Lol.

Posted

Hackers my arse they have to hack the banks com The workings of Atm;;;;>atm1.gif

Countless times I've seen the computer and modem been left outside the ATM box itself, running happily on the floor next to it with the service guy gone who knows where. All you need to do is plug in a usb stick and reset.
"Countless times..."? Never seen this myself. Sorry to be rude but I am more than a little sceptical.

F.ex at the ex-Carrefour (BigC extra), in Tukcom, couple of times in Lotus @ Thepprasit to mention a few. Not a rare occurrence. In BigC extra the whole machine was once pulled out of the wall with the innards open to all, while people were withdrawing money. Should have taken a pic but didn't have a camera on me.

Posted

There might be practical mitigating actions that the banks can take. But what the banks are doing remains to be seen. See "Mitigating risk after April 8 - without Windows 7"

http://www.atmmarketplace.com/article/226707/Mitigating-risk-after-April-8-without-Windows-7

I've asked a couple of banks by email what they are doi9ng, and if I get any relevant answers I will post them.

I will be very surprised if you get any replies to your emails

Posted

Say thank you Microsoft.I will stop using ATM machines til they change XP.I have to throw away my perfectly good computer.

I'm going to chrome.I'm done with Microsoft products.

When I get back to the UK I'm going to buy an Acer chromebook C720 - it costs 200 pounds, takes 5 - 7 seconds to boot up and has an 8 hour battery life!!!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.


  • Topics

  • Latest posts...

    1. 29

      Shocking Online Threats: Trans Woman Targets JK Rowling and Nancy Mace in Call to Violence

    2. 12

      /Featured Quiz22nd November - Weekly Featured Quiz - General Knowledge

    3. 50

      British lawyer latest to fall in Laos alcohol poisoning tragedy

    4. 19

      My VPN package is going up - Looking for Recommendations - Advice.

    5. 57

      Gaetz withdraws from AG

    6. 0

      5 Underrated Apps That Will Help You in Thailand

    7. 7

      Kalasin’s Oldest Resident Passes Away at 121

    8. 29

      Shocking Online Threats: Trans Woman Targets JK Rowling and Nancy Mace in Call to Violence

  • Popular in The Pub


×
×
  • Create New...