Outdated OS gets ATMs Hacked within minutes

Monday, October 7, 2019

While bank customers place blind faith in the technologically advanced machine called the ATM, its cyber security measures have shocking lapses and loopholes in most cases. Five years after support for Windows XP was withdrawn, numerous ATMs are still running Windows XP, exposing them to various vulnerabilities and attacks. These ATMs running end-of-life operating systems are the most attractive cash machines for hackers, each one ready to spit out about $200,000 in cash. It is surprising that ATM operators have still not discarded such insecure ATMs running an old operating system on archaic components.


Security Risks for ATMs running on outdated OS

Insecure network communication between the bank and its ATMs is reportedly a major security risk, and encrypting this communication is very important to keep intruders out and to prevent it from being manipulated. However, end-of-life systems are an even bigger problem.

Why is Windows XP a major threat?

Released in 2001, Windows XP is now archaic. Microsoft ended support for this OS in 2014 and stopped releasing anti-malware patches for it on July 14th, 2015, so it no longer receives security patches and updates. ATMs running it are therefore vulnerable to network or local access attacks. Consequently, even small groups of criminals could communicate with a machine to install code, evade the ATM’s built-in defense mechanisms, and avoid detection in the transaction log. By exploiting the vulnerabilities and executing remote code, attackers can carry out fraudulent transactions within moments.

  • Many researchers have demonstrated successful network spoofing attacks and black box attacks on ATMs running an outdated OS.
  • Banks also tend to use the same configuration on a large number of ATMs, which allows a single successful attack on one ATM to be replicated en masse.
  • Moreover, these EOL systems can only be patched manually, and it is practically impossible for a bank’s IT professionals to visit the machines, branch by branch, one by one, to apply Microsoft’s Windows XP for Embedded Systems security patches.
  • Additionally, many ATMs running XPe (embedded Windows XP) may not be using Enhanced Write Filter (EWF). EWF is designed to protect a drive from malware writing to it and corrupting files. While running EWF is always optional in XPe, it also has its own patches that need to be managed.

Why is Windows 7 a threat?

ATMs running Windows 7 face an approaching security risk as well. Like Windows XP, Windows 7 is being retired by Microsoft, and its support ceases on January 14th, 2020. Within 4 months, ATMs running Windows 7 will also be exposed to cyber attacks. ATM operators need to prioritize migrating ATMs from outdated operating systems to the latest OS available. However, the hardware and software migration will be costly and will take about six months to complete. This update therefore demands immediate attention and priority.

What ATM operators can do

  • Review your current ATM network, shut down outdated machines and replace them with new solutions on the market, such as virtual ATMs.
  • Migrate your ATM OS to the latest version of Windows 10 or Linux.
  • Many hardware platforms inside current ATMs are too old to be supported by the more current Windows 10. As a result, many ATM operators, such as banks, will need to replace their hardware components with newer ones in order to run a newer OS.
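
The following added example, which is not from the original article, shows how the fleet review in the first step could be run over an inventory export: it flags ATMs whose OS is already out of support or will be before a six-month migration could finish, counts at-risk machines sharing one configuration, and lists XPe machines without EWF. The inventory columns, ATM IDs and configuration hashes are constructed, and the day-level dates for Windows XP and Windows 10 are Microsoft's published dates rather than values from the article.

```python
import csv
import io
from collections import Counter
from datetime import date

# End-of-support dates. Windows 7 is the date given in the article; the XP and
# Windows 10 days are Microsoft's published dates (the article gives only 2014).
EOL = {
    "Windows XP": date(2014, 4, 8),
    "Windows 7": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}
MIGRATION_DAYS = 183  # "about six months" per the article

# Constructed sample inventory: IDs, columns and config hashes are hypothetical.
INVENTORY = """atm_id,os,config_hash,ewf_enabled
ATM-001,Windows XP Embedded,cfgA,no
ATM-002,Windows XP Embedded,cfgA,yes
ATM-003,Windows XP,cfgA,n/a
ATM-004,Windows 7,cfgB,n/a
ATM-005,Windows 7,cfgB,n/a
ATM-006,Windows 10,cfgC,n/a
"""

def classify(os_name, as_of):
    """EOL, EOL_SOON (support ends before a migration could finish), SUPPORTED or UNKNOWN."""
    for family, end in EOL.items():
        if os_name.startswith(family):  # XPe rows match the XP entry (simplification)
            if end <= as_of:
                return "EOL"
            return "EOL_SOON" if (end - as_of).days <= MIGRATION_DAYS else "SUPPORTED"
    return "UNKNOWN"  # unlisted OS: surface for manual review, never assume safe

def audit(inventory_csv, as_of):
    """Return per-ATM status, at-risk counts per shared config, and XPe units without EWF."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    status = {r["atm_id"]: classify(r["os"], as_of) for r in rows}
    # One working attack replicates to every at-risk ATM sharing a configuration.
    clusters = Counter(r["config_hash"] for r in rows if status[r["atm_id"]] != "SUPPORTED")
    no_ewf = [r["atm_id"] for r in rows if "Embedded" in r["os"] and r["ewf_enabled"] == "no"]
    return status, clusters, no_ewf

if __name__ == "__main__":
    status, clusters, no_ewf = audit(INVENTORY, date(2019, 10, 7))  # article date
    for atm_id, state in status.items():
        print(atm_id, state)
    print("at-risk ATMs per shared configuration:", clusters.most_common())
    print("XPe without EWF:", no_ewf)
```

Run against the article's date, the Windows 7 machines come out as EOL_SOON because their support ends before a six-month migration started that day could complete.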

Although an operating system migration and a computer platform upgrade together may prove very costly across all ATM deployments, these steps are crucial to avoid millions being cashed out fraudulently by hackers. In addition, these ATMs are connected to a bank’s centralized electronic banking systems in order to operate, thereby camouflaging a security risk that could cost trillions.
