Your ATM likely runs on Windows XP, which means it's vulnerable to hacking: by @NealUnger @FastCompany

Microsoft withdrew support for the operating system most of America's ATMs run on this week, leaving them open to new bugs and attacks from hackers. And it will take a while for the industry to catch up.

On April 8, Microsoft officially discontinued support for Windows XP, which also means it will stop patching security issues. If a product runs on Windows XP, it's about to be far more vulnerable to hackers and criminals. That means big headaches for many critical industries that still use the legacy operating system, though perhaps no situation is as startling as this: More than 75% of the world's ATMs run on Windows XP.

That's bad news for banks. Christopher Budd of Trend Micro, a security firm, told Fast Company that banks continuing to run ATMs and internal systems on Windows XP computers exposes consumers to malware attacks. These attacks take place on a relatively common basis in situations where criminals find ATMs with weak security. ATM manufacturers, owners, and leasers are now scrambling to convert their Windows XP machines to more current (and supported) operating systems. In an internal risk assessment report, Mike Lee of the trade group ATM Industry Association wrote that the changeover would be "the most important change to the global ATM industry" in 2014.

Banks and ATM operators have been slow to upgrade Windows XP-based ATMs to more current software because of the costs involved. Upgrading an ATM to Windows 7 or newer flavors of Windows CE—a Microsoft operating system designed for consumer devices—takes about an hour of time, and requires physical access to a machine. Many ATMs, which can cost many thousands of dollars, also need hardware upgrades to run the newer operating system. Multiply that by the tens of thousands of ATMs that a bank may have across the country, and you see why the largest institutions kept riding with XP. It's a perfect example of how economies of scale prevent innovation and improved services—and not too different from the inability of American retailers and banks to switch from unsecure magnetic stripe credit cards to safer chip and PIN combos.

Microsoft's decision to abandon Windows XP is driven by equally primal economic concerns: It simply makes no sense for the company to devote resources to maintaining an older, increasingly outdated operating system. And anyway, most enterprise users have already switched to Windows 8 or 7. But ATMs, like industrial control systems and medical devices, tend to lag behind in these transitions because they have longer life-spans than desktop computers, according to Wolfgang Kandek, CTO of compliance and enterprise security firm Qualys.

So what happens now? The answer isn't likely to impress consumers: ATM operators are working at a steady pace to upgrade their terminals, but it'll take a while. Industry publication Computerworld reports that several major ATM operators have worked out arrangements with Microsoft to receive support after the April 8 deadline "at great cost." Diebold, America's largest ATM manufacturer, is running an aggressive campaign to upgrade their ATMs. Other ATM industry figures are also promoting stopgap security packages for XP-based systems. In the meantime, your local ATM will likely continue running an operating system whose defenses are down.

[Image: Flickr user Federico Parodi]

  • James Roquemore Wilson

    Microsoft has officially extended support for the ATM variant of XP until sometime in 2016. This was announced weeks ago.

  • This article is misleading. ATMs are on closed networks that hackers cannot get into. Also Microsoft is continuing to support Windows XP for many companies on a paid basis. At least some of the ATM manufacturers are doing this.

  • Author of the article here.

    I mentioned the Windows XP support on a paid basis in the last paragraph of this story, and I'm very happy MSFT is doing so. As far as ATMs on closed networks... not so happy about that.

    Even closed networks have security flaws. Generally speaking (and, yes, painting these things with a broad brush) a network is only as secure as its administrators let it be. While the delays of many ATM manufacturers and customers in switching from Windows XP are totally understandable given the expense, it's also left them with a big opportunity for fraud--not too dissimilar from the magnetic swipe/chip & pin debate on POS systems.

    Given the nature of these things, where it only takes one flaw in a system to cause massive losses, I do think it's a good thing ATM manufacturers are scrambling to fix things now.