
95% of ATMs Worldwide Are Still Using Windows XP

Posted by samzenpus
from the if-it-aint-broke dept.
BUL2294 writes "95% of the world's ATM machines are still running Windows XP and banks are already purchasing extended support agreements from Microsoft. (Some of the affected ATMs are running XP Embedded, which has a support lifecycle until January, 2016.) 'Microsoft is selling custom tech support agreements that extend the life of Windows XP, although the cost can soar quickly—multiplying by a factor of five in the second year, says Korala. JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...'"

  • by Anonymous Coward on Thursday January 16, 2014 @08:40PM (#45981723)
    I worked for an ATM software development shop called Phoenix Interactive. The software we wrote was mostly C++, with some C mixed in to deal with updating the main software. The main ATM manufacturers (Diebold, Wincor, NCR) all only create Windows drivers (or did, 10 years ago when I worked there). The OS is locked down hard; while you may see the occasional blue screen, even if you had a keyboard plugged in you would not be able to stop the software from running or move it to the background without triggering a restart and a tamper alert back to the bank. Windows can be locked down just as well as Linux; it's just a royal pain in the ass to do so.
  • OS/2 Warp (Score:4, Informative)

    by transporter_ii (986545) on Thursday January 16, 2014 @08:48PM (#45981765) Homepage

    [O]verall, OS/2 failed to catch on in the mass market and is little used outside certain niches where IBM traditionally had a stronghold. For example, many bank installations, especially Automated Teller Machines, run OS/2 with a customized user interface.

    http://en.wikipedia.org/wiki/OS/2 [wikipedia.org]

  • by Anonymous Coward on Thursday January 16, 2014 @09:06PM (#45981857)

    Actually, that doesn't worry me nearly as much as Windows for Warships.

    You jest but the US Navy was (is?) using Windows as the OS for drive-by-wire hovercrafts. One bluescreened and ran out of control in San Francisco.

    ~Demonoid Penguin (moderating)

  • by Anonymous Coward on Thursday January 16, 2014 @10:05PM (#45982123)

    All that being said, the XP ATMs are perfectly safe. They are behind some rather crazy firewalls.

    Nope.

    http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows [extremetech.com]

    And another successful attack vector using Ploutus http://www.atmmarketplace.com/article/221087/Mexican-ATMs-fall-prey-to-new-cyberattack [atmmarketplace.com]

    Successful malware attacks (both gaining access to the local cash and screen scraping and keystroke recording of customer information) through ATMs have been going on since 2008 and Diebold would most certainly be well aware of this, even if they are choosing not to bring it to your attention.

  • Re:Why XP? (Score:5, Informative)

    by tftp (111690) on Thursday January 16, 2014 @11:08PM (#45982475) Homepage

    why would they choose XP in the first place

    XP was a very good choice compared to Linux as it was 12 years old. Cost of Windows ($50 per copy?) was entirely immaterial. The important things were maturity, support, features, and toolchain. Linux in the year 2000 was light on those. Where in Linux's Event Viewer is the Security Log? How many objects can be audited in Linux? In NT - a lot, and it all was available immediately. In the toolchain department even today autotools give you a horrifying experience compared to MSVC.

    Developers of ATM took the most complete foundation for their work (the OS) and then added what was custom. If they started with Linux, or BSD, or DOS, they'd have to add far more - and the more you write yourself the more you have to maintain. If they started with Linux that would be kernel 2.0.x - and today we are on 3.x, with gigabytes of patches applied to libc and other essential components of the system. It would be extremely difficult to upgrade and maintain.

    and why have they not moved to something else in the last decade?

    Who is going to pay money for fixing what isn't broken? It's not broken even today, that's why they want to keep the machines running. It's pretty expensive to send engineers to tens of thousands of ATMs to upgrade them, since doing it remotely might be too scary. The hardware also probably went through ten revisions, so each ATM runs its own set of drivers that were customized to the hardware that is installed. Your upgrade task would require you to support all that old hardware - and that is a dead end job. Better to just keep the thing running until it falls apart, and then replace it.

  • Re:Price? (Score:5, Informative)

    by icebike (68054) on Friday January 17, 2014 @12:27AM (#45982845)

    Banco do Brasil [atmmarketplace.com] moved to Linux ATMs in 2008. IBM backends, Linux ATMs. As has Banrisul, largest southern region bank in Brazil.

    Third biggest ATM country in the world, and you haven't heard of it?

  • by Artifakt (700173) on Friday January 17, 2014 @12:38AM (#45982901)

    On some designs, a 16 key pad has extra pinouts which were originally intended to drive the circuits for Dual Tone Multi Frequency signalling built in (think of AT&T). These don't drive tone generators in ATMs, but they may reliably put out a square wave 1/2 second long pulse while the main pinouts are outputting a pulse of the length the finger stays on the key.

    On other designs, it has sensors to disable signaling when temperatures get above a certain value (think of the anti-fire security common on elevator keypads - this gets used on some 16 key designs because they also get used in door security systems, rather than them commonly being used in elevators, or people really worrying that an ATM on fire may start spewing money).

    Some designs used to incorporate the very same additional chipset used in soda machines so the owner could put those into maintenance modes (see "hacking coke machines"), and they let the ATM service tech run diagnostics by entering a reserved pin number or longer sequence, but I'm not sure if any of those last are still in use.

    There are rumors of radio frequency signalling built in, and sometimes actually used to get the pad signal to the servos it controls when the physical mounting for the ATM is in a sufficiently awkward location. I don't think those rumors are likely, but I wouldn't just assume they are completely bogus either. Alternately, I suspect the parent poster may be referring to various claims that the pads can be used to scan fingerprints and even to tell a live finger from a severed one, but these last are certainly urban legends.

  • Re: Price? (Score:5, Informative)

    by icebike (68054) on Friday January 17, 2014 @12:40AM (#45982911)

    Nice try:

    ORDER granting 829 Stipulation of Dismissal filed by Bedrock Computer Technologies, LLC, Google Inc. The verdict rendered in this matter is VACATED and all claims for relief asserted by Bedrock against Google are DISMISSED with prejudice.

    http://docs.justia.com/cases/federal/district-courts/texas/txedce/6:2009cv00269/116887/830/ [justia.com]

    Bedrock also lost to Yahoo and Amazon, over the same patent and they have thrown in the towel.
