ATMs at risk of hacking and viruses as Windows XP support ends

More than 95% of ATMs run the Microsoft operating system

In less than a month, most of the world’s ATMs and a large portion of its computer-based industrial control systems will become a lot more vulnerable to hackers and viruses.

On April 8th, Microsoft will stop issuing updates and patches for bugs in its Windows XP operating system, which was released in 2001 but remains widely used, as companies put off the costly and complex task of system upgrades.

That delay will make it easier for hackers to break into the main systems still running XP, security experts say, in part because Microsoft will continue issuing updates for the three newer versions of Windows.

Those updates can be reverse engineered to find weaknesses in XP.


"The probability of attackers using security updates for Windows 7, Windows 8, Windows Vista to attack Windows XP is about 100 per cent," Timothy Rains, Microsoft's director of trustworthy computing, told a recent computer security conference in San Francisco.

The potential security problems that will follow the end of Windows XP support could be greater than when Microsoft ended support for even older systems, Windows 95 and 98.

The number of computers worldwide has grown, particularly in poorer nations, security experts point out.

The system has also been around far longer than its predecessors, more than 13 years compared with less than a decade for Windows 98 and Windows 95.

About 40 per cent of personal computers still use Windows XP, according to data from research group Netmarketshare.

Beyond PCs, Windows XP also powers ATMs, medical devices, industrial control systems and some of the hardware used for swiping credit cards, said Jaime Blasco, malware researcher at AlienVault.

More than 95 per cent of ATMs also run the operating system, according to NCR, the largest provider of ATMs globally.

It expects only a third of ATM providers will upgrade before Microsoft's April 8th cut-off.

The challenge, said Mr Blasco, is that many companies have built their own software that is only compatible with XP. Rebuilding that software is expensive, and ironing bugs out of the new version would take time.
– Copyright The Financial Times Limited 2014