According to a report in the Financial Times, Microsoft will stop issuing security patches and updates for bugs in the Windows XP system starting from the 8th of April 2014. This leaves 95% of all ATMs which run the operating system vulnerable to hacking. Machines that run on outdated operating systems that are not receiving security updates are the easiest to hack.
The same report, citing information from NCR, the largest provider of ATMs, states that only a third of ATMs will be able to upgrade before the 8 April deadline. This cut-off date has been a long time coming, as Microsoft has been trying to wean users off Windows XP.
Microsoft’s attempts to migrate users off the system in 2007 were unsuccessful because of XP’s popularity. This led to a 7-year extension which will now expire, starting with support. According to a separate report from Business Insider, Windows XP, which was first released in 2001, is Microsoft’s second most popular operating system.
Most institutions had been putting off system updates as the process is complicated and expensive. Further delays to system upgrades might save banks money and complications in the short term, but they increase the risk of hacking.
Whatever updates Microsoft issues for its three newer operating systems can be reverse engineered to identify weaknesses in Windows XP. In the same report from the Times, Timothy Rains, Microsoft’s director of Trustworthy Computing, is quoted as confirming with certainty the risk of attacks based on updates for Windows Vista, Windows 7 and Windows 8.
In other reports, it has been suggested that banks will likely engage Microsoft in special arrangements for extended security support. Analysts also expect that financial institutions will invest more in other forms of cyber security.
Rains has warned that developing countries are at risk of experiencing a rise in malware frequency, which is attributed to the high incidence of pirated software use. While all of this is a huge issue on a global scale, it remains to be seen whether Zimbabwe’s own financial services institutions are geared for what might happen.
9 comments
I always thought Windows XP was the most popular OS from MS!
It would have been good if you had contacted local banks to get feedback on their position. Otherwise this is just another of your copy paste articles.
True, most of the old ATMs in Zimbabwe still run Windows XP and some, shockingly, are still running on Windows NT. This is because ATMs come with a PC just like your normal desktop, only slightly different; therefore, just like you need to upgrade your hardware to install Windows 7 when coming from XP, it’s just the same for ATMs, and in some cases you need to replace the PC altogether if this is not possible. So this is why some banks are still on the old operating systems. But the new ATMs that we have been rolling out for the past 2 years have Windows 7.
Fortunately for those banks that use Wincor ATMs there is a solution, Wincor Nixdorf’s new PC/E Terminal Security software ensures that banks that continue to run Windows XP on their self-service systems can operate their systems securely even without Microsoft support. PC/E Terminal Security helps harden the operating system with a wide range of intrusion and access protection instruments, ensuring comprehensive protection for ATMs, even against unknown attack scenarios.
But what I know for sure is whilst all these solutions are available for our local banks to take up, they have this wait and see attitude. They will wait for an attack to happen, then they implement the security measures.
Dude the info in your comment is not accurate:
1. ATMs come with a standard PC that’s not slightly different as you point out.
2. The reason why banks continue to use XP on their ATMs is not a hardware upgrade issue but a software issue. Most ATMs use Agilis software and it works optimally on XP.
I am an ATM Engineer, trust me, I know what I am saying.
1. The ATM PC core is not the same as a standard PC; show me a regular PC that has an SDC controller, and other boards that are on a PC core. You can’t pick up a regular PC and put it on an ATM and expect it to work.
2. Not all ATMs use Agilis; there are many other ATM Application Software like Triton PRISM, NCR APTRA, KAL Kalignite Software Platform, Wincor Nixdorf ProTopas, which is more popular than Agilis which is used mainly by Diebold. Diebold has just a few ATMs in Zimbabwe.
Before you go saying my information is not accurate, do your research.
The problem which MS created for themselves initially. Many companies became successful with this OS. Applications and systems built on this OS are difficult to replace/upgrade.
But I also blame the banks themselves. So many of them still use archaic platforms. I hear some still use NT and 98 and still coding in COBOL85?? This means that these banks do not value the importance of IT in their businesses. Now with internet and social platforms playing crucial roles in businesses, I can imagine how much they need to redo their whole system. A case example is PnP which was using some old POS to run their many supermarkets. They lost market share to rivals Shoprite who had been doing some major IT work in their business for some time. After 4-5 years and almost R4bill later on SAP, they are still struggling to gain advantage but they realised that they cannot continue on that torrid path on “bandading” a system.
I do not feel sorry for the banks that make losses due to the loss of XP. They know better but prefer profits than investing back into their businesses. Every business must have an upgrade path/plan which they need to follow to minimise these risks like every 5-7 years, acquire new hardware, upgrade applications, introduce new tech applicable to business, etc.
Outright lie when you say some banks still use COBOL85. Prove me wrong by giving examples of local banks still using COBOL85.
It’s worth pointing out that ATMs won’t be running full blown XP as seen on most desktops but a highly cut down and optimised version that has been specially hardened; also the network access is very restricted such that most (not all however) attacks will be fruitless.
I also note that Innscor use XP Embedded on their POS machines too…
I just cannot understand WHY so many are being conned into believing XP will HALT after some fictitious date. Why are they content with being threatened by MS? Windows XP will indeed CONTINUE to work unfailingly day after day, after month, after year… regardless of updates and security fixes. ANY knowledgeable guru will tell you the same thing. Just keep your nose out of porn forests and other nefarious URLS. Make a pristine smooth-running image just in case your teenage nephew talks you into letting him use your computer. My home laptops and PCs will literally fall apart with age before XP fails. Mine ain’t broke, so no need to “fix” it.