Is running Windows XP on ATMs stupid?

When creating a secure, locked down IT system — for something that is directly responsible for handling cash transactions — would you choose the most popular, most targeted operating system?
Written by Liam Tung, Contributing Writer

You would think that running the most widely used operating system on your network of ATMs is just an invitation for trouble. At least some security folk reckon XP makes ATMs an easy touch for hackers.

But not the execs at National Australia Bank (NAB), who this week announced the bank is overhauling its 1,600 ATMs to run on Windows XP.

Gibbins and NAB are not alone on this front. Seventy-five percent of Australia's ATMs run on some version of Windows, according to an NCR spokesperson.

Why?

According to NCR's chief technology officer Alan Chow, running ATMs on Windows is about "brand image".

"Banks spend a lot of energy personalising [an ATM] screen. The ATM is the brand image of the bank. If you want to see the difference why they choose [a full version of Windows XP] — versus a stripped down embedded OS — go to the ATMs at the corner store and compare the user interfaces. Without the interface, it's just a cash dispenser. This is about brand image," he said.

So there's a trade-off between convenience and security. I can appreciate that. And I'm sure NAB can keep the threats that affect the rest of the world on Windows XP from affecting both its 28,000 newly XP'd desktops and now its ATMs. Running Windows doesn't necessarily mean you're screwed. Just ask Bruce Schneier.

Back in 2003, Cambridge security researcher Ross Anderson said in a Wired article that ATMs running Windows would likely see a Slammer-style attack, resulting in money spewing forth from thousands of machines.

FUD and rubbish, said Bruce Schneier. Why? Because in 2003 the machines did not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment.

But National Australia Bank proudly announced this week that it will be the first bank to roll out ATMs that operate on TCP/IP networks.

So don't be surprised if you start seeing ATMs spewing cash from their dispensers. I am going to carry around a swag bag just in case.
