As XP nears its own demise, ATMs face potential crisis

That crisis will depend on how many of the world's ATMs, 95 percent of which have XP on them, can migrate to a newer OS that comes with support
Written by Rajiv Rao, Contributing Writer
ATM man cash


If some of your worst, paranoid fears involve slotting your ATM card into your neighbourhood machine and then finding out that, lo and behold, every penny in both your Savings and Checkings accounts has mysteriously vanished without a trace—well, that may just become something to take seriously post April 8th say experts. 

For April 8th is the day that Microsoft will stop support service to one of their most popular operating systems in history, Windows XP. While around a third to a quarter of the world's PCs are estimated to house XP, apparently 95 percent of the world’s 3 million ATM machines run on it.

Microsoft has said that it will continue to support security products through July 2015, however it has apparently issued a warning stating that "the effectiveness of antimalware solutions on out-of-support operating systems is limited." India's Reserve Bank (RBI) also issued warnings about the April 8th deadline.

As far as India is concerned, it gets a little confusing as to how many of the country’s 110-140,000 plus machines will be affected. Amrish Goyal Microsoft India General Manager (Windows Business) has been quoted widely saying that the number of ATMs in India needing an upgrade will be higher (as a percentage) than the 35 percent XP installed base amongst computers that proliferate in the financial sector. Other figures put it at around 20 percent.

XP India

In other words, India's situation may not be as dire as those in other parts of the world due to relatively recent adoption of ATMs which translates into newer models and operating systems.

Still, for the machines running XP, at first glance things don't look so rosy. As this article points out, ATMs in India are run by manufacturers such as NCR and Diebold. Navroze Dastur, managing director at NCR India, is of the opinion that less than 25 percent of XP ATMs will be realistically able to migrate before the deadline. "We had reached out to banks about 6-9 months ago and we've been in dialogue with them about upgrading their ATM network. There are a number of issues with upgrading operating systems… Some of the machines' hardware may not be upgradeable and some may need hardware upgrades for the new operating systems," he said.

In India, a preponderance of XP-run machines belong to nationalised banks that have a reputation of being as nimble as an elephant in the summer heat. Which means, if you own a bank account at any of these  institutions, don't count on any speedy changes. If you factor in the cost to upgrade to Windows 7—which could range from a few hundred bucks to a few thousand dollars if the machine needs new hardware—a quick upgrade looks even less likely.

So, how real a security threat is the XP expiration? According to this article two researchers at the Chaos Computing Congress in Hamburg showed how they were able to hack into an ATM in an unspecified European country with a methodology specifically suited to cracking XP using only a pen drive and malware which then gave them complete control of the machine.

On the other hand, here is an excellent, detailed analysis of the issue written by ZDNet columnist Larry Seltzer who thinks that there may be more noise  being made than necessary . In short, Setlzer says that ATMs are generally protected pretty heavily with firewalls and antimalware so getting into one of them may not be as easy as the hackers in the previous paragraph make it appear to be.

Much like the whole 'Y2K' end-of-the-world depiction at the turn of this century, the XP expiry will take some watching to see how things unravel.

Editorial standards