While bank customers have blind faith in the technologically advanced machine called the ATM, its cyber security measures have shocking lapses and loopholes in most cases. 5 years after support for Windows XP was withdrawn, numerous ATMs are still running Windows XP, exposing them to various vulnerabilities and attacks. These ATMs running end-of-life operating systems are the most attractive cash machines for hackers, each one ready to spit out about $200,000 in cash. It is surprising that ATM operators have still not discarded such insecure ATMs running an old operating system on archaic components.
Insecure network communication between the bank and its ATMs is reportedly a major security risk, so encrypting this communication is very important to keep intruders out and to prevent the traffic from being manipulated. However, end-of-life systems are an even bigger problem.
Released in 2001, Windows XP is now archaic. Microsoft ended support for this OS in 2014 and stopped releasing anti-malware patches for it on July 14th, 2015, so it no longer receives security patches and updates. ATMs running it are therefore vulnerable to network or local access attacks. Consequently, even small groups of criminals could communicate with the machine to install code, bypass the ATM’s built-in defense mechanisms, and avoid detection in the transaction log. By exploiting the vulnerabilities and executing remote code, fraudulent transactions can be carried out within moments.
ATMs using Windows 7 also face an approaching security risk. Just like Windows XP, Windows 7 is being discarded by Microsoft, and its support ceases on January 14th, 2020. Within 4 months, ATMs running Windows 7 will also be exposed to cyber attacks. ATM system operators need to prioritize migrating ATMs from outdated operating systems to the latest OS available. However, the hardware and software migration will be costly and will take about six months to complete. This update therefore demands immediate attention and priority.
Although an operating system migration and a computer platform upgrade together may prove very costly across all ATM deployments, these steps are crucial to avoid millions being cashed out fraudulently by hackers. In addition, these ATMs are connected to a bank’s centralized electronic banking systems in order to operate, which masks a security risk that could cost trillions.