Windows XP is probably the worst operating system to power an ATM, considering the fact Microsoft has now retired it, several vulnerabilities are floating around for it, with no new updates in sight.
And yet, many banks and financial institutions continue to run this version of the OS on their ATMs.
The world over.
Embedded versions of Windows XP or not, these machines are exposed to attacks. Mix in the lack of updates with bad configuration from IT administrators, and you have a recipe for disaster. Case in point, this new one that makes ATMs ridiculously simple to hack.
According to this report, machines operated by the State owned Russian bank Sberbank are powered by Windows XP, and they suffer from security holes that make it possible for pretty much anyone to hack it.
Basically, the full-screen lock system that prevents the ATM from accessing other parts of the operating system can be bypassed by simply invoking Sticky Keys — as in pressing the Shift key five times in a row to bring up this Windows feature.
You can try that on your Windows system, too, right now.
Once enabled, it provides access to Windows settings, and brings up the Taskbar and the Start Menu, which can easily allow hackers access to other parts of the operating system using just the touchscreen.
What’s worse, Sberbank has done nothing to fix this issue. Which is telling, considering the fact that they are the largest bank in Russia and Eastern Europe, the third largest in Europe, and 33rd largest in the world overall.
As of 2014 standings.
Which is ironic, considering the last updates for Windows XP were shipped in April 2014, save for one emergency patch that was released this year to block the WannaCry ransomware.