AfterDawn: Tech news

95 percent of ATMs run on Windows XP and XP loses Microsoft support in April

Written by Andre Yoskowitz (Google+) @ 20 Jan 2014 11:58 User comments (16)

95 percent of ATMs run on Windows XP and XP loses Microsoft support in April On April 8th, Microsoft will end their support of the ancient Windows XP operating system, and with that deadline comes an interesting time for the world's banks and the estimated 3 million ATMs around the globe.
95 percent of current ATMs run on Windows XP and when support ends, that means security patches will no longer be executed for the machines, putting them out of compliance with industry standards. With billions of dollars involved, the banks will be forced to upgrade the machines to Windows 7.

Robert Johnston, a marketing director at NCR, the largest ATM supplier in the U.S., says the need to upgrade will affect machines differently. For example, older machines will need to be completely scrapped since their internals cannot support Windows 7. JPMorgan Chase, which has 19,000 ATMs, says 3000 of its machines will need to have its components upgraded before the transition can even begin.

Aravinda Korala, chief executive officer of ATM software provider KAL, says the world is not ready for the dealine: "The ATM world is not really ready, and that's not unusual. ATMs move more slowly than PCs." In fact, Korala says only 15 percent of devices will be ready by April 8th.

Many banks are using Microsoft's custom tech support agreements to temporarily extend the life of Windows XP, including Chase, who will start the transition in July. A single ATM upgrade can cost $300 if the hardware is sufficient, or thousands of dollars if new components or a new machine is required. For smaller banks with older tech, this could be a make-or-break situation.

All old ATMs will continue to work past the deadline, but they will become increasingly more vulnerable to hacks and attacks the longer Windows XP is out of support. Windows 7 will bring support for multitouch interfaces, including swiping, pinching and dragging.

Tags: Windows XP ATM
Previous Next

Related news

 

16 user comments

120.1.2014 12:05

It's not like they did not get plenty of warning. If they have not made plans to upgrade their ATMs by now then they are not a bank I want to work with.


AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 256GB OCZ Vertex 4, 2TB Additional HDD, Windows 7 Ultimate.

http://www.facebook.com/BlueLightningTechnicalServices

220.1.2014 12:12

or bank with.

320.1.2014 12:26

Originally posted by ddp:
or bank with.
That is what I meant.. :)

AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 256GB OCZ Vertex 4, 2TB Additional HDD, Windows 7 Ultimate.

http://www.facebook.com/BlueLightningTechnicalServices

420.1.2014 13:47

This is a prime example of how everyone is over reacting about this.EVery ATM should be connected to a closed network, why they think suddenly malware makers could jump to offline systems is baffling me. There are POS systems still running 95, without updates, without upgrades, using the same GUI made in the last century. And not being net connected how are they any less secure come April than they were 15 years ago?

To truly change all the "obsolete" systems would take training whole workforces over and untold hardware upgrades that by experience will be buggier and less secure than the 20 year old systems in place.

I for one don't understand why banks or any retail with need for secure unhackable systems still use off the rack retail OS's even if they are "enterprise or corporate" editions. They are still using an OS based off a basic home use appliance, not a secure industrial tailored package.

520.1.2014 14:17

Originally posted by Qliphah:
This is a prime example of how everyone is over reacting about this.EVery ATM should be connected to a closed network, why they think suddenly malware makers could jump to offline systems is baffling me. There are POS systems still running 95, without updates, without upgrades, using the same GUI made in the last century. And not being net connected how are they any less secure come April than they were 15 years ago?

To truly change all the "obsolete" systems would take training whole workforces over and untold hardware upgrades that by experience will be buggier and less secure than the 20 year old systems in place.

I for one don't understand why banks or any retail with need for secure unhackable systems still use off the rack retail OS's even if they are "enterprise or corporate" editions. They are still using an OS based off a basic home use appliance, not a secure industrial tailored package.
I agree completely with you, i was about to type up something similar. It reminds me of the super-hype that came with the Y2K issue, that was such a dud and nothing really happened. All the banks i worked for they were so anal about security and stability, i'm certain they have been running mirrored systems with the date past 2015 or later for a year or more.

Additionally when was the last update to WinXP? SP3 came out 21 Apr, 2008, and those machines are still going strong for 5 years so far, why would they tip over now?

620.1.2014 14:18

I don't think this will be a problem. ATMs would generally run a very feature-specific embedded version of Windows XP, so the potential attack vectors for it will be a lot less than of a consumer operating system that is at its end of life.

720.1.2014 22:47

interresting considering the smarter banks are using atm's powered with unix theres two becu machines where i am at that use mac os x

821.1.2014 7:20

Quote:
interresting considering the smarter banks are using atm's powered with unix theres two becu machines where i am at that use mac os x
Thank you: I was just going to say why can't they use Unix or variant of Linux. Once the program is up and running it's not like they need to worry about maintaining it much. Heck can't they even use Wine to keep POS running through Win-XP? Mind you that may bring an entirely new area of issues. Still using Windows just still shocking given the thousands of dollars / ATM.

921.1.2014 12:25

I feel no pity what-so-ever!

XP is outdated, garbage compared to what is available now and those clinging on deserve EVERY single ill-fated action taken against XP when support ends. I will laugh my ass off when everyone calls me for tech support because they slacked on maintaining SOME SEMBLANCE of technological edgyness.

1021.1.2014 12:51

Typically these machines would run a very locked down and specific build of XP. If they were that concerned in upgrading they've had 3 iterations of Windows to do so now (Vista, 7, 8) so it must not be a major issue.

1122.1.2014 12:15

Originally posted by SProdigy:
Typically these machines would run a very locked down and specific build of XP. If they were that concerned in upgrading they've had 3 iterations of Windows to do so now (Vista, 7, 8) so it must not be a major issue.
huh......I did not know that (about the locked down specific build of XP). Always thought those things were linux/unix based anyway.

Thanks for clarification.

1222.1.2014 12:25

Originally posted by hearme0:
Thanks for clarification.
To clarify more, it would be that network's admin(s) that would restrict group policy and intentionally create a build image of XP that would be functionally useless except for a specific software platform. We would do that all of the time at my former job, you can go as far as to restrict internet access and access to any menus.

Actually becomes a headache to support, because you have to physically reboot the machines and stand by so they don't auto login to the restricted environment (then you could access admin functions, but even then, when you remove some components of XP, we would have to have an installation disc or executables and the proper privileges to install as well.)

1324.1.2014 15:07

Originally posted by SomeBozo:
It reminds me of the super-hype that came with the Y2K issue, that was such a dud and nothing really happened.

Funny thing about what happened with Y2K. The only real victims? Some ATM's in smaller parts of the world. When the calendar rolled over, they had issues. That was the only major headache.


Y2K was a bust because people took steps to rectify it years in advance. Where I worked at the time, 1999 was spent updating the applications to be compliant. The whole year was spent in updating and testing. I worked the 3rd shift so I was exposed to a lot of this work because that was the best time to test without interfering with daily operations.


People have had years in advance to rectify this ATM issue, too. They just haven't.

1424.1.2014 15:11

Daylight Savings changes here in the United States were more of a PITA on computer systems than Y2K ever was.

1528.1.2014 23:49

For every netbanking transaction or on-line credit card purchase my bank sends me an OTP - one time password - to confirm and verify the transaction. So, unless some one has cloned my phone, why should it be insecure?

BTW I have all my phone data backed up on my PC and memory card. I would simply remove my sim card and the memory card before turning it in for any kind of service.

161.2.2014 22:02

Originally posted by hearme0:
I feel no pity what-so-ever!

XP is outdated, garbage compared to what is available now and those clinging on deserve EVERY single ill-fated action taken against XP when support ends. I will laugh my ass off when everyone calls me for tech support because they slacked on maintaining SOME SEMBLANCE of technological edgyness.

And here, I thought that my slide rule was still the cat's meow. I guess that I had better get some of this new fangled sh*t.

Thanks for posting. I didn't know how far behind I was on all this technological stuff.

Life is good!
GrandpaBruce - Vietnam Vet - 1970 - 1971
Computer: Intel Core i7-920 Nehalim;Asus P6T Deluxe V2

Comments have been disabled for this article.

News archive