Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Do ATMs running Windows XP pose a security risk? You can bank on it

Kim Crawley, security researcher for the InfoSec Institute | Feb. 4, 2014
World-renowned IT security expert Bruce Schneier is a friend of mine. He's worked extensively with my fiance, Sean Rooney, on a couple of projects. So, beyond my career-related need to keep up with the latest IT security news, I also read Schneier's website periodically the way people look at their friends' pages on Facebook. "What's he up to lately? What's on his mind?"

"I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won't migrate from Windows XP until the hardware is running on fails," said Microsoft's Tim Rains.

Banks and ATM manufacturers such as Diebold are usually secretive about the specifics of the hardware and software they use. That's perfectly understandable.

Wells Fargo, Bank of America and Royal Bank of Canada are among many banks worldwide which are still operating huge numbers of XPe ATMs.

If we see major attacks on XPe-run ATMs in 2016 and beyond, it'll make retail POS attacks look minor in comparison. Remember, ATMs must be connected to a bank's centralized electronic banking systems in order to operate. Trillions may be at risk.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.