Windows XP will reach End of Life on April 8th 2014, and there is already a lot of fear-mongering going on, on the Internet, about how ATMs are not ready for the XP Armageddon. But reading about Windows XP based ATMs, on few reputed websites, I came to know that these ATMs are not going to be as vulnerable as they have been projected lately.
There is much more to an ATM than just XP. Around 80 percent of ATMs, worldwide, still run Windows XP Embedded POS-Ready versions, with many restrictions in place, that would make it real hard to hack them. Besides, ATMs use plenty of security measures on the hardware part too. And lest I forget to mention, ATMs communicate using encrypted data – which further reduces the scope of them being hacked.
So then, are ATM machines going to be really vulnerable, especially after End of Support for Windows XP on April 8th? Maybe a bit because of external tactics such as skimming, but coming to software, Windows XP Embedded, it is not an easy pass to your data for hackers.
End of Support Dates for Windows XP Embedded Systems
I picked up this part from The Windows Club Forum. Following are the extended support dates for embedded systems:
- Windows XP Professional for Embedded Systems – Extended Support will end on April 8, 2014
- Windows XP Embedded Service Pack 3 (SP3) – Extended Support will end on Jan. 12, 2016
- Windows Embedded for Point of Service SP3 – Extended Support will end on April 12, 2016
- Windows Embedded Standard 2009 – Extended Support will end on Jan 8, 2019
- Windows Embedded POS-Ready 2009 – Extended support will end on April 9, 2019
It is thus to be noted that Windows XP Embedded POS-Ready systems will get support to up to 2019.
Reason Why ATMs Did Not Upgrade Yet
If we are to believe ZDnet, there is a major upgrade coming soon. There is some sort of new mechanism that need to be incorporated into the machines according to the new rules of MasterCard and VISA. Both these companies, along with EuroPay, have come up with some new technique to enable secure payments from ATMs. As usual, users will have to use their cards and PINs but the central system at banks should be able to process such transactions without any errors. There is a deadline too – April 2015.
Combining both upgrades, ATMs will want to move over to the new operating system while adopting this new technique for POS (Point of Sale). Go here for more about the CHIP&PIN technology and the future of Global payments..
Do You Need To Worry About ATMs?
Not really! That does not mean you stop following regular procedures like not giving your PIN to strangers or using machine while others are still around. Banks are trying to counter skimming type external attacks and I believe something will come out soon, if not already.
Our TWC Forum Moderator and Microsoft MVP, Bill aka Digerati has made an interesting comment:
I note the vast majority of the millions of bank ATMs around the world use XP Embedded. That said, because ATMs connect via VPNs, and don’t have open access to (or from) the Internet, the reported horrors stories of late by fear-mongers trying to sensationalize the mundane to increase viewer ratings, are simply another example of irresponsible, unprofessional, and untrue reporting by the media and attention-seeking, wannabe-expert bloggers. Sure, ATM systems can be hacked, but it is extremely difficult and rare. By far, most hacks are done by the use of skimming devices (covert card readers).
In short, you do not need to worry about ATM machine vulnerabilities arising out of usage of Windows XP, because XP is just one of the many components used by ATMs. Given the hardware security and encrypted transactions, the probabilities of hackers trying to get into ATMs are pretty slim.