Slashdot Mirror
Windows ATMs by 2005
An anonymous reader writes "O'Reilly Developer News is running a brief on how the banking industry will be running a stripped down version of windows on 65% of its ATM machines by 2005. On a morning when I'm receiving the latest windows virus in my inbox every five minutes I feel very comfortable with this."
We have them in the UK already - the sight of ATMs showing an NT4 logon screen is not uncommon...
Um.... a good number of ATM's issued by a large bank I used to code for run NT 4.0. This isn't late breaking news.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
I know for a fact that Natwest Bank here in the U.K tried Windows NT on their machines a couple of years ago. I saw three or four NT error dialogs in the first two weeks. They changed to some other system (Possibly going back to whatever they had before, with a different user interface on it) after a couple of month.
So its not that new an idea.
...like this before...
I actually saw a BSOD displayed on the ATM and it was frustratingly annoying...
Why can't the banks simply use the not-broken current embedded, probably written in assembly system that they use for ATMs now?
Why MUST it be changed? Are they going to add every service in the world to an ATM?
Great! Just what we need, long lines at the ATM, just like at the bank, where one person chews up the teller's time performing six months of banking at one time...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
Take your pick:
http://zem.squidly.org/bsod/
http://www.piemaster.co.uk/gallery/BSOD
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Umm, those Coinstar machines are running windows, and they only have ~five buttons. It's not like they are going to be installing full terminals. They probably won't be much different from any current ATM you run into. You may not even be able to tell it's Windoze because the GUI will take up the whole screen. In reality, there are two vulnerabilites: the actual ATM program interfacing with the user, and the networking part. I'm more scared of the networking part being compromised. Of course, there is always some dumb person who puts a backdoor into the GUI to test whether it will actually dispense cash and never take it out, but that's not an OS problem.
A friend of mine took these photos of a Win NT Natwest cash machine shutting down.
This is a bit worrying.
Some ATM's already run Windows, I saw one that was bluescreened out in vegas in front of the Ghost Bar. Most however, run OS2. Diebold primarily uses OS2 in their ATM's, but there is some pressure on them from their clients to "upgrade" to windows. I think the biggest thing with going to windows is it's network security problems, RPC, DCOM, etc... As far as physical access goes, someone is more likely to steal the machine and break it open rather than open up the top to get at the keyboard.
The state of ATM security right now is pretty piss poor anyway, if you spend 30 minutes working with one you'll be scared to put your card in it. The keypads almost all support 3des for encrypting the PIN, but no manufacturers have turned it on yet because they are not required to until something like 2006, even though in most cases the infrastructure is all in place.
How do I know this? I work for a company that among other things, manages a ton of ATM's and I routinely have to work on them.
Sorry, but you obviously do not work in banking as a lot of new ATM's do have a TCPIP stack on them. That was the big push from finance institutions in order to play along with current network configurations. I am looking at a diebold ATM right now that is based on TCPIP.
Reylas
I've heard of a couple of other scams involving ATMs. One took place at a mall in California(?) -- the theives put in their *own* ATM that recorded numbers and access codes, but didn't give out any cash. They then collected the ATM, retrieved the card stripe data and access codes, cloned some cards and went on a withdrawal spree.
Most recently I was at an ATM that had a FWD: FWD: FWD: -type email taped to it warning of a new scam; thieves that put a plastic sleeve into the card slot that somehow allows you to use the ATM but captures your card. They observe your access code, and when you leave, they remove the sleeve+card and then do a bunch of withdrawals (to zero) and ditch the card.
The latter scheme seemed dubious; the chain-letter like WARNING on the machine, and the insertion sensors on card slots I can't see allowing something jammed that far into them. Plus this was at a gas station deep in suburbia where hanging around the ATM would be suspicious, and where the ATM was in a corner making its use a complete screen of the keyboard.
In college (mid 80s) an ATM in the student union had its comm line (cat3, looked like a phone line) exoposed, and it was in a seldom-used corner. We thought it would have been possible to hook a PC to the line and capture a legit transaction. We'd then repeat the transaction and just replay the responses from the remote end. But I'm sure that even in the 80s the comm links were encrypted and not spoofable like this. But it was a reasonable idea.
Trust me when I say that you have no clue what you're talking about. I work for a bank. We communicate with our ATMs over a dedicated line. Having an extremely stripped down version of Windows on an ATM really isn't going to make it a whole lot less secure. It'll still be the same way its always been: The easiest way to get money from an ATM is just to take the ATM. (No, I'm not kidding. We've had that happen a couple of times.)
Maintenance staff does not have 'root' access to the system. They have the ability to open the safe to place more money in, as well as to restock the paper feed for receipts. Thats it. If they're going to take money they're going to do it from the safe, then they'll get caught by doing so. We have one ATM technician and even he doesn't have 'root' access to the boxes.
Please do a little research before opening your mouth.
I am a leaf on the wind. Watch how I soar.
I live in the UK. Barclays bank used to use DOS based machines. Then they "upgraded". The NT machines now display all sorts of fancy pictures - and are about 100x slower than the old dos machines.
I recently noticed that all of the machines inside (that the bankers use) are Windows 2000 machines; replacing the x terminals they used to use. Clearly someone has made a bad decision in IT management inside of Barclays.
In Sweden we have ATMs with Windows NT already. Twice I've seen an ATM with the blue screen of death...
I have seen the pressure to go COTS first-hand myself in an application where it really wasn't a good engineering decision. But the price and functionality of the COTS system exerted tremendous pressure on the selection process.
And again, Enron was a financial services company, as were the New York investement houses that served it, but that didn't make them immune from doing stupid things.
sPh
They already run off the shelf software and have for quite some time. At least one major national bank runs NT on their ATMs, while most other ATMs in the country run OS/2.
Unfortunately, this is what's happening. Microsoft has done the same with banks as what they've done with most corporate entities -- 'bid' systems and training to them. The deal is that most banks store information in MS databases, most Internet bank interfaces are ASP applications (.NET will make this worse). Whether or not it's 'secure enough' is not a question...
4 1775 for a good discussion about how credit/ATM cards work and links to many resources on the subject).
Believe it or not, there are people who get paid very well to administrate Windows computers and they like Windows very much.
I'm not sure how hackable these machines will be either. ATMs use either dialup or ISDN connections to communicate centrally with banks, so they're not going to be on any public network (check out http://answers.google.com/answers/threadview?id=2
Additionally, there isn't much room for hacking an ATM... I mean, without taking the thing apart, you have 21 keys maximum (4 - 8 keys to choose options on the screen, 10 keys for numbers, an OK key, cancel transaction key and backspace key) on most machines. Without opening the thing up, you're not going to get very far.
While Windows may not be secure over a public network with all sorts of services running, on a private direct connection with solid software, there's really no vulnerability here. You should learn a little more about how these machines work... they're not on some wide-open network hole waiting to be exploited.
ATM transactions are also encrypted, and I think we all agree that Microsoft is definitely pro-encryption.
So, before we go bitching about MS getting their stuff put on ATMs, I think we should look at the online interfaces to our accounts which are much more insecure than any ATM that will have Windows (and all the posts here seem to just be whining about how insecure it will be). I guarantee that you losing your ATM card is the most insecure thing that can happen in this regard without taking the ATM apart. A UNIX-based machine would be potentially just as vulnerable if you consider this possibility.
On the other hand, I think poorly written online banking software accessible through web-browsers on any platform is more of a security threat to your banking.
On a final note, in the Netherlands, anyway, banks give you this little device that you put your card in and it generates a hash that you have to type in every transaction. Is anybody aware of what is actually being hashed? I wouldn't think it's any private data on the card, because several banks don't require you to insert the card into the device. The best I can tell it's simply a couple of hashing algorithms hashing the current time (with about a 30 second period -- i.e. two hashes within n seconds generate the same hash) and... ? The PIN? Not sure.
Anyway, food for thought for you overly-hyped cynical freaks.
www.sitetronics.com/wordpress
You've obviously no clue who Bruce Schneier is. He's the author of the (infamous) book "Applied Cryptography", invented the Blowfish and Twofish algorithms, has played a major role in analyzing (cracking/finding weaknesses in) major security algorithms. Bruce is the leader in this field. He is the president of Counterpane (http://www.counterpane.com/). If anybody has a clue about security, it's him. Get a clue before you post.
www.sitetronics.com/wordpress
Anonymous for a reason.
I work for one of the major manufacturers of ATMs in the world and while the Windows OS is somewhat stripped out - it still contains most of the major guts. However, the bank where I was working installing these has dedicated lines to each of their ATMs - the banks then communication with each other (thus you can get your money overseas).
Personally, I view this mostly as a good thing because it was getting very difficult to get any hardware that still supported OS/2.
I have had the recent pleasure of watching the V-Com ATM machines being installed in our local convenience stores. They are PC's controlling the system, using Internet connections over TCP/IP to communicate, running Windows NT Workstation 4.0 SP6a. They have a custom keyboard missing the CTRL, ALT, and other state keys, and a touch screen interface to boot. And they can be crashed so easily it goes beyond funny to just plain sad.
The tech doing updates opens the bay, plugs in a regular keyboard, logs on to an e-mail account, and runs the patches distributed that way.
Not something I really would trust with my money!
You can have it fast, accurate, or pretty. Pick any 2.
In my neck of the woods, a significant number of ATM's are already running a version of NT-- specifically, the WellsFargo ATM systems that are color-- I've seen them during install/maintanance at a UI that is definitely NT, and I've also seen one BSOD with an NT Kernel error on one occassion.
I'm not sure this is a good or bad thing-- it's not like ATMs are that reliable anyway, with eaten cards, "atm not in service", etc.
I have no idea what the source of this article is, but I work for the company that owns 80% of the world market in ATMs. I'm not in the ATM part of the business but the plant that makes many of them is in the same building where I and other developers are, and I walk through the plant to go between the employee parking lot and cube-land every day, so I see all the ATMs in production and testing etc. Guess what? They all run windows. When I started working there 3 years ago they were running NT 4 - they've just switched to 2000. Inside those things is just a stripped-down PC.
The bank connection does *NOT* have federally mandated encryption in most cases, not until 2006. I don't know of a single company that uses it, and I work in the industry. Stick a sniffer on the network, and you'll see everything.
Ummm... You're the optimist aren't you.
I worked in the EFT industry for about 5 years as an engineer and I can say that you are so wrong it's not even funny. The people that make decisions are worried most about how much it's going to cost. If it wasn't for cost, every bank would be processing transactions in real time rather than relying on batch processing on IBM's that are as old as I am.
When a "new" technology comes along in the industry, it's usually applied to the old technology model. For example, when the processor I worked for started using TCP/IP as a transport between datacenters, they didn't encrypt the data end to end. Instead they just replaced some older dedicated link and relied on the same weak ass pin block encryption they always did, paying no mind to the fact that someone with a notebook and a network card could easily yeild 40-50 complete cards per second.
And if you think because it's financial that everything has to be balanced to the penny, you're so wrong. To start with the legacy systems that some networks have to deal with ensure that reconcilliation will NEVER be 100%. Then add to it that if the money is right, a processor will further bastardize their code to accomodate someone else's improper implementation. You end up with a legacy system that often produces unexpected results when something out of the ordinary occurs (I remember one morning when people were being credited several billion dollars to their account after returning something to a store).
As far as auditors or regulators plugging the holes, fat chance. Regulators are more concerned about transaction fees being present on the front of ATMs and the taxability of the transactions that occur. The auditors only know what the engineers tell them since they are usually not engineers or marginal ones at best. The auditors are primarily interested in the paperwork trail left behind from production code installs. If the paperwork looks good they're happy. Mind you that as far as the auditors are concerned, good looking paper work means that it exists. They do not look for proof of testing other than a signature, in other words no supporting documentation showing the before and after effects of the change are required to be documented. Furthermore no regression test is required to show that nobody piggybacked malicious code on the issue. In otherwords the auditors just smile nicely if you hand them a big stack of papers.
Ultimately, the EFT idustry is filled with dinosaurs, people that talk about how funny it was when they used punch cards or learned some obscure language in college that hasn't been used in decades. When I left the industry 4-5 years ago, there were people that still used their PCs as dumb terminals because they didn't understand the whole personal computer thing (I'm REALLY not joking).
So as far as Windows being used on ATMs, they are going to do as they've done in the past. They will build the machine but instead of putting OS/2 on it, they'll install windows on it. They will rely on the same security they always have, and why shouldn't they? It's served them well for 30 years.
-- Button up, your ignorance is showing
A friend of mine who is a tech for Diebold tells me that virtually ALL of Diebold's ATMs are Win2k already. If it has a color LCD. It's Win2K.
Device Estonian folks used was actually quite sophisticated. I saw short clip of it on YLE News on TV back then. From later news transmission that part where electronics and construction of device were shown was removed and on the one time they showed it some police came and moved device away from cameras. Guess cops said you're not allowed to show that on TV.
These are facts:
Device had card reader. It was placed on front of real card slot so when you inserted card magnetic stripe was read.
People who's cards got copied said it was difficult to get card out from ATM machine. This was because after transaction ejected card was partially blocked by extra reader device those guys installed.
Keypad had kinda sticks on bottom so when you pushed number on spying keyboard it pushed real button under it at the same time. Electronics connected to fake keyboard recorded your PIN and saved it to NVRAM among content of magnetic stripe it just read as well.
Card reader was connected to keypad module that had most of electronics using cable. Cable was covered with square plastic housing to keep it less obvious what was going on.
Since you got your money from ATM no-one suspected anything fishy until day or two later when your bank account was empty.
Crooks were waiting on nearby car. After some
time they went to ATM and removed their device.
Ok, those were facts. There were some claims that device had also WLAN or some other wireless connectivity so card numbers and PIN codes would have been transferred to crooks realtime. However I think that's just rumour.
Device had factory made looking PCB inside. Probably some SBC development thingy.
If there's someone with Helsingin Sanomat archive access you could probably find more details from there. HS is Finnish newspaper so that part was for finnish readers.
I've seen at least 4 ATMs over the years which have been running Windows, and made it obvious.
I had the opportunity to study one in detail, as it was installed in a hospital I was visiting at the same time as the backup generators were being tested - so the power was a bit glitchy (and there was no evidence of a UPS on the ATM).
It was made by NCR and had a fancy TFT screen. It was installed in the in-hospital branch of Barclays bank about 4 years ago. Clearly it was upset at the transition to emergency power and had locked-down.
However, when when mains power returned - it rebooted. It appeared to be a conventional industrial PC. It used a Pentium 3 450 MHz CPU and had 128 MB of RAM. (Can't remember HDD details).
It booted Windows NT4. It auto logged-in to some user account, and then started running a batch script. The conventional although rather sparse NT desktop (including such delights as internet explorer) was visible for the 10 mins that the batch script ran before the ATM software started.
This was the only one I've seen boot-up, the other 3 made their OS clear by displaying a variety of NT 'STOP' errors.
http://www.theinquirer.net/?article=11130
Yes ATMs have floppy drives, and some even have CD-ROM drives. The problem though, is that these drives a long with the rest of the computer running the ATM, resides within the safe. Good luck getting in without stealing the whole machine first, in which case once you're in, steal the cash and dump the machine.
--
"Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]
Really? What about Bank of America's ATMs
http://www.intellnet.org/news/2003/01/25/15801-1.h tml
Granted, the BoA ATMs weren't directly attacked, but it does indicate that they were online.
Hmmm... Let me see here, looking at a Diebold ATM right out of the box:
IIS: FTP, HTTP, SMTP
Front Page Extentions
Apache w/ Tomcat
ALL default windows services
ALL default windows shares
NO password on the Administrator Account
NO password on the Diebold service account
Windows 2000 Service Pack 2
NO critical updates or patches for the last year
Oh yeah - I feel much better now. Thanks Diebold!
The company I am working for at the moment does SubHost systems and ATM software for large banks mostly in the third world market.
:-)
At the moment we have two ATM products. The first runs on OS2 systems. The code is a pig, its impossible to understand, but it works. The systems are mostly stable, and if they do go down, they just reboot and reload. (and they do go down often, we install systems in the middle of fricken nowhere, so power reliability is a joke. hell even comms is a problem when people dig up the cables to steal the copper).
We also have a win32 product that we are just starting to roll out in a big way. Biggest problem... scandisk if the machine isn't shutdown properly. Loading an atm is a PITA most of the time, but having to wait for scandisk is a real problem.
Security, not really an issue. The atms themselves are pretty stupid, they don't do much with out the subhosts say so (unless they are running offline, which only a few banks allow in our market). And getting the money out of the safe has nothing to do with the software.
Reliabilty is the biggest problem IMHO. But that said, I have an interest in staying with OS2, I would like to keep my job