Security firms warn most ATMs still run Windows XP


Security features on ATM machines are nothing more than an inconvenience for hackers, and it wouldn't take them longer than 10, maybe 15 minutes, to break through the defences.

That's according to a new report by Positive Technologies which says there is a whole swathe of security vulnerabilities plaguing ATM machines everywhere.

"More often than not, security mechanisms are a mere nuisance for attackers: our testers found ways to bypass protection in almost every case," the researchers said. "Since banks tend to use the same configuration on large numbers of ATMs, a successful attack on a single ATM can be easily replicated at greater scale."

The researchers analysed 26 ATM machines from different manufacturers and providers. The results showed that 15 of them were running Windows XP, while 22 were vulnerable to network spoofing attacks. Moreover, 18 were vulnerable to ‘black box’ attacks with the help of a Raspberry Pi or a similar machine, while 20 could be forced out of kiosk mode with a USB or PS/2 device.

Finally, 24 had no data encryption set up on the hard drive.

The researchers say the best way for banks to protect their ATMs (and their customers’ money) is to improve the physical security of the machines. By locking away the machines’ inputs and compute hardware, banks could solve many of the problems they are facing.

They also suggest that banks log and monitor security events on their networks.
