Windows ATMs by 2005
An anonymous reader writes "O'Reilly Developer News is running a brief on how the banking industry will be running a stripped down version of windows on 65% of its ATM machines by 2005. On a morning when I'm receiving the latest windows virus in my inbox every five minutes I feel very comfortable with this."
From the Wired article:
But one of Anderson's colleagues, Bruce Schneier, chief technology officer at security monitoring and consulting company Counterpane Internet Security, dismissed this [money-dispensing virus] scenario. He pointed out that the machines would not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment. Because the machines have no peripherals like floppy disks, it would be difficult for a cracker to install code or steal information.
Of course, everyone knows that ATMs have no communications links of any kind. It's just a box full of money with a power plug, right?
Duh! The ATM communicates with the bank, with the ATM user, *and* with the maintenance staff.
* The bank connection is some sort of comm line. Put encryption on it and maybe it's safe. But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?
* The customer sticks a card in and punches buttons. This is reasonably safe now, when you have little more than a numeric keypad with "Cancel" and "Enter" buttons. But the more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
* Finally, the maintenance staff has "root-like" physical access to the system. Sure, you have to get past some heavy-duty locks to get to the control panel inside the machine. Big deal, lots of crooks know how to pick locks... how many, though, know OS/2? But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades), and dispense free, untraceable cash whenever someone inserts an ATM card with magic cardno "1111-2222-3333-4444".
Perhaps using OS/2 was a way of de facto "security by obscurity". Installing Windows is more like "security by crossing-your-fingers".
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
i think this is less of a concern than it is made out to be. an ATM OS can be tested very rigorously much more easily than an entire OS (especially a bloated one). so i am not afraid of windows ATMs, security-wise. what i AM afraid of is how this lays another layer of brick that reinforces that MS monopoly - i hope some enterprising individuals offer a cheaper, features-competitive open-source system.
smd4985
Does anyone else think it might be a bad idea to give Billy Boy more power over money than he already has?
I couldn't fail to disagree with you any less.
I Hate That!!!!
I'm sib888, and I approved this comment.
With the amount of local banks in my local area that are using unsecured (non-WEP) protected wireless access points on their local LAN, I wonder how long it will take for a RDC that tells the ATM to spit out money?
There are security updates that take months for companies to patch on their local servers & workstations... how will a known security vulnerability be fixed on a "stripped" version of 2K or NT in an ATM, and how long do you think it will take them to implement these updates, if they can update them at all?
A lot of truth to that... but that's generally because of a bad software developer.
As a long time Windows developer, I would have to say that, for a great many painfully obvious reasons, Linux would be a better choice for this. It's cheaper, more reliable in that a developer can see the source code, and see what it's trying to accomplish, has nice GUIs, and many development platforms to choose from.
Even though the article says they would run on a stripped down version of Windows, Linux takes up a much smaller footprint and runs faster, so older/cheaper hardware could be used without any concern.
With large banks trying to cut costs/increase earnings (anyone tried to cash a payroll check at a large bank recently? "that'll cost you $5, sir") I find it hard to believe that they would choose the more expensive OS to run their software.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
I thought Microsoft had already convinced the courts that you couldn't strip these "vital components" of the OS out.
This is nothing new, certain banks have had NT running as for ATMs for a while now. Hell, the subway card dispensing machines in NYC run NT as well as the entire line of NJ Transit ticket-dispensing machines. So don't go off making silly comments of doom and destruction since guess what, they're already here and have been for a while! This is not to say that things cannot go wrong (I see the above mentioned machines being serviced fairly often and they do get errors), but let's not get too dramatic.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
Most ATMs are designed to go balls-up at the first sign of trouble and shut themselves down after sending detailed error messages to their owners via leased lines. Out of paper? Error message, shut down. Out of money? Error message, shut down. OS Crash? Error message, shut down. Damage to the ATM Case? Error message, shut down.
So you're saying they should be easy to shut down? Good enough for me.
I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.
If Vendor A makes an ATM that uses proprietary closed architecture and its units cost $125,000, while Vendor B uses Windows but its units cost $110,000, guess who is going to win the bids? So Vendor A goes to Windows + TCP/IP and gets down to $100,000/unit. Vendor B then responds with Windows + TCP/IP + "Internet connection to eliminate costly leased line charges". Guess who will win that bid? And there we are - the security of a closed system gone in three rounds of bidding.
Now perhaps that example is bad, because there might be regulations in the financial industry to prevent it. And such regulations might even be enforced. But then again, if Enron or Dick Cheney had bought a large ATM network...
sPh
I'M RICH! I'M RICH!!!!! WOOOT!
What kind of moron would use windows in an ATM? It's an OPERATING SYSTEM. Are ATM's so complex that they need a fricking OPERATING SYSTEM?
This is a place for a nice, tight, standalone application, the kind of thing you can bug check and make very secure, not some damn bloated windows app. I don't care HOW stripped down they think it is. There are 32,000,000 lines of code in Win2k. Stripped down could mean as few as TWENTY MILLION LINES OF CODE. Oh yea, that's going to be secure.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I believe that problems can really happen, it actually happened to me once. I'm at the store and I pay a ~500$ purchase with my card. First try: Network Error, transaction cancelled. Second time, the machine didn't even try to connect. So I get to an ATM, get the cash and go back to the shop to get my purchase. Later that day, I got to go to the bank, and to my surprise, my cash balance is lower than expected. ~500$ lower, actually the money was lost during the transaction. I go see a counsellor telling about the problem, he tells me that I need the transaction paper, the paper is down the trash at the store, so I get to the store, search the trashcan for the paper, I finally get it, go back to the bank and wait for the counsellor. When I see him, he tells me that that wasn't their fault, and that I'll have to wait a few months to get my money back. Since I had a nice sum there, I told him that I was better to have my money back in the week or that another bank will get me as their customer. The money was there by night. Errors happen and it's never the financial institution's fault...
Colosse.
I understand the standard windows=bad theme for slashdot postings, but think about it for a minute. It's in a box that's locked up tight, many with cameras around, not connected directly to the internet... so really... is there any significant security issue to worry about any more so than with the other ATMs around?
Man, you guys are like Pavlov's dogs. Taco rings the Microsoft story bell and out comes the rhetoric-spouting zealots. Sure, your points are valid security concerns. But they sure as hell aren't specific to Windows. Time for rebuttals...
Point 1 - Comm line: But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?
Ah yes, God knows non-Windows communications software never has exploits (it's a link to the SSH exploit story).
Point 2 - UI: The more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
Uh, this is specific to Windows how? Microsoft isn't going to be writing the interface, the ATM companies are. And they'd be writing the EXACT same interface on whatever platform you want them to use.
Point 3 - Physical Access: But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades)
Guess what - the best hackers out there are more familiar with non-Windows OSes than they are with Windows. TiVo runs Linux and it's had the shit hacked out of it. ReplayTV, while still hackable, hasn't had nearly the level of "unofficial" customization. It's a lot easier to muck around with software if you have the source to it.
Now, I'm not saying that Windows is more secure than other OSes. That thought is absurd. My point is that in a very tightly controlled environment, it can be just as secure as the next OS. My other point is that you guys are fucking insane with anti-MS zealotry. Why don't you try looking at the world without that chip on your shoulder.
I work with a lot of embedded controls systems and the use of Windows with these systems (for Human Machine Interface, data gathering, etc) is increasingly common. The security concerns related to viruses and worms are also more common.
Back when more of these systems used Unix, VMS, etc, it was not a big concern. The environment was so heterogeneous that you didn't need to worry. Now that everyone is running Windows, it becomes a huge problem.
I've been helping several of my customers lock things down and better isolate their control systems. There are plenty of ways to do this effectively but it only takes one careless tech to screw the whole thing up. While I'm confident that I can develop the infrastructure and procedures to protect the systems, I'm not confident that the procedures will be adhered to.
This has become such a large concern that many of them are reevaluating their purchasing decisions and considering turning away from Windows. The problem is that nearly all of the vendors are now producing Windows only solutions.
I would like to say that there would likely be similar problems if everyone was running Linux. While you can lock things down when you start to put the systems into the hands of less sophisticated users you will have the same problems. I see this as more of a user problem than a technology problem. The reason that these worms and viruses spread so fast is that users are not taking the precautions that they should.
Anecdotal support for this argument can be found at any large LAN party. There are always a number of bozos running Red Hat infected with all kinds of crap because they have no idea what they are doing.
You can give two guys the best woodworking equipment in the world and the best wood. One will produce an heirloom and the other will be in the emergency room getting his fingers sewn back on. There are more of the latter than the former in this world.
Guys... you have to realize these ATMs (unix, windows, other) are NOT on the public internet. They're not even on the same network as the workstation computers inside the bank. They may not even be using the same protocols, but I don't know about that.
The fact that they run Windows doesn't honestly mean much to me, because if the security experts in those banks are stupid enough to connect an ATM (or any number of other important machines internally) to any sort of public network... they're gonna get fucked at one point or another.
How often do you think a UNIX ATM's kernel/packages gets patched to fix that latest overflow discovered? Probably never.
no comment
Now this just doesn't make sense. Sure, I'd agree with a need to upgrade from OS/2 - even finding a way to put new software on OS/2 is going to get hard as time goes on. But why the decision to go to Windows rather than a sensible decision like embedded Linux, QNX, heck ANYTHING but Windows...
Windows does not provide the needed security, stability, or reliability needed for these applications. It does not provide real-time features that could allow certain security guarantees. The quoted reason, compatibility with "internal corporate networks" doesn't even make sense. Writing an interface for the functionality that ATMs provide might be an interesting project for an undergraduate intro-to-programming class. It's not like ATMs need to interoperate with the company Outlook Exchange server...
This sounds like a bunch of ignorant suits were herded into a room by MS salespeople and told the "benefits" of XP Embedded. I seriously doubt that anyone experienced who put any technical thought into the matter would decide to use Windows for ATMs.
-3Suns
~~~~
The Revolution will be Slashdotted
"They would prefer Windows, a platform they consider 'open' in that it is compatible with their internal corporate networks. Also, it's so ubiquitous that they can add features to all their ATMs without having to write multiple pieces of code for different machines." Bruce Schneier, a security company official, states that ATM do not operate online and are therefore not vulnerable to malicious viruses and internet attacks. No word on the blue screen of death."
ATM's don't currently operate online and this is a GOOD THING. However that goes out the "Window" if the whole point of going to Windows to the PHB's is that it's "compatible with their internal corporate networks"...
The article would seem to indicate that doing away with the very caveat that Bruce Schneier's quote uses to make this seem "okay" is part of the point of the exercise.
(shakes head in disbelief...)
Quoth he
"It's all academic anyway..."
It seems to me this article implies that the bankers' lack of information is a form of security.
They don't know exactly what services will be removed, and hence probably are not aware of what services could be running and producing security holes.
The fact it is customizable also seems to present itself as a major security issue. How are we to know that these customized ATMs that also deal out lottery tickets or supermarket coupons were necessarily programmed (by the banker) correctly and securely? We can deploy this en masse too? So the potential for a large scale security breach would be high?
I'm also a tad confused by the statement that it will be secure since it will not be hooked up online into a network. But it will have scriptable programming and customization?
Maybe if everything goes right, it will be perfectly secure. Are ATMs basically vaults and are we still making sure that that stays the same?
OS Crash? Error message, shut down.
There's a level problem there. The problem with OS crashes is the application doesn't get a chance to decide what to do, and even if it did generally wouldn't have the wherewithal to do anything useful. Even impending power failure is easier to catch.
-- MarkusQ
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
"operating system (OS) - The low-level software which handles the interface to peripheral hardware, schedules tasks, allocates storage, and presents a default interface to the user when no application program is running. The OS may be split into a kernel which is always present and various system programs which use facilities provided by the kernel to perform higher-level house-keeping tasks, often acting as servers in a client-server relationship. " -- FOLDOC
It's not a matter of complexity, an operating system is just a layer between the user and the hardware, takes care of all the background work for you, lay your ATM application on top of that (or even better integrate it in to the OS).
It's unclear how windows-like the ATM OS is/will be, I figure by "stripped down" they mean "the average person isn't going to have any idea this is windows, it just runs on the same kernel and has the ability to interact with other MS designed elements". That being said, I am certainly not pro MS ATM... AFAIK nowhere in the world does really "important" stuff (life support systems, defense systems, etc...) run anything resembling windows... I would much rather have my bank running something which is historically a little more secure/stable...
You're forgetting that there are actually some smart people in the banking industry that will realize that having your ATMs running windows hooked up to the internet is a bad idea. The people that make these kinds of decisions are not fools.
Yeah, most noticeably they don't have email users on the ATMs...
From the submitter's ingress, it looks like he fears that the ATM boxes will fetch email and open attachments automatically. I somehow do not believe that's the deployment process for updates going to ATM boxes...
Regards,
--
*Art
take the number of ATMs running Windows (N) and multiply by the cost of licensing each ATM for Windows (C), then subtract that amount from a Bank's earnings (E), and thereafter calculate how much more the ATM transaction fees will rise.
make no mistake, the cost of licensing all those ATMs with M$ Windows is going to be passed on to customers.
i remember back in the day, the implementation of ATMs was spun as a way for banks to save money spent on live bank teller salaries, and to pass on the savings to its customers, but it soon turned out so popular, that banks came to see ATMs as a low cost cashcow, and transaction fees increased from that point on.
i have therefore modified and optimised my ATM usage habits to reduce as much as possible my number of transactions.
Your money is insured, people! There is a better chance someone will rip one out of a wall, than one being broken into through the OS.
I don't give a damn what books or code he's written, the way his quote has been presented makes it look as if he doesn't think VPNs can be compromised. Well I can assure you and him that they damn well can and I've been privy to it happening and if ATMs are on a VPN they'll eventually get hacked. Or would you claim otherwise?
- What caused the Big Bang?
- How do women think?
- and even: Why does anyone still run Windows on the desktop instead of something easy to use, such as MacOS?
are all trivial compared to, "Why would someone use Windows for embedded work?" Windows' only strength is the legacy/compatibility issue -- there's a lot of software that still only runs on Windows, and sometimes network effects require you to run some of that software. But an ATM doesn't need to be able to read someone's MS Word document, and the platform simply doesn't have anything else going for it, except disadvantages.
They say it'll be more compatible with their networks? That is the most fucked up thing I ever heard. If your protocols between your ATMs and internal services are that complex and proprietary, where compatibility is even a minor issue, then you are doing something terribly wrong. Your designers are either irresponsible and incompetent, or they are insane. I smell .NET.
I don't blame them for slowly migrating away from OS/2, but Windows? For Yog-Sothoth's sake, Windows!? And in 2003?!?
No-one in charge ever seems to take a second look and ask "do we really need a multi-GHz processor and OS just to decode a PIN and dispense cash?". I know Windows is ubiquitous, and seems like the safe option. But it's overkill, and any time you install way more computing power than you need, you're being wasteful, as well as taking a risk. Of course it has been amply demonstrated that Windows is NOT SECURE no matter how much the Microsoft salespeople claim otherwise. Note, I'm not saying Linux is necessarily better. I'm questioning the need for a full-blown OS at all, in these applications. Hell, I could build a simple ATM using hardwired logic gates. Installing a known-insecure consumer OS in a mission-critical application is fscking stupid, and it will cause problems. The people that make these decisions are simply hoping that they'll be promoted far enough up the ladder before it happens that someone else takes the blame.
I know the reason this happens is that by using a standard system it's much cheaper; you just have to find some VisualBasic code-monkey and whip up an application. Fundamentally, the problem is that the cost of this kind of insecurity is a) not immediately apparent and b) not borne by the company. The costs associated with a cracked ATM will just be passed on to the consumer. The cost of the blackout will similarly not hurt the stockholders of FirstEnergy.
The simple truth is that sometimes you need regulation and enforcement; if there wasn't an FAA you can bet your life that 777's would run on Windows XP by now, with a literal BSOD on a weekly basis. OK, that's a bit extreme. But let's look at that situation as an example... I know reliable flight-control software is expensive, so let's assume that if allowed, some company would be tempted to use cheap off-the shelf equipment and software, thus making a cheaper plane. Pretty soon they would outcompete other builders (the margins are pretty thin on those things). Remember, if the only planes available were ones that ran XP, you as a consumer would have no choice as to what you flew. If every airline had a crash that often, there would be no competitive pressure to improve (that's "just a cost of doing business"). The point I'm trying to make is that sometimes competitive price pressure results in a "race to the bottom" in terms of safety, quality, or reliability. I suspect that's what we're seeing here.
Human genome = 3 billion base pairs = 6 GBit. Windows + Office = 20 Gbit. Which is more impressive?
The people that make decisions are worried most about how much it's going to cost.
And you don't think it's conceivable that someone will decide that the cost of losing billions upon billions of dollars when the Windows+TCP/IP+internet connection machines are hacked isn't worth it?
They may not be very security-savvy, but they won't do a massive rollout that will leave them with a nationwide network of completely broken ATMs that divulge money at the drop of a hat. Insider addition of malicious code, while a pain, doesn't even begin to compare cost-wise with complete public access to machines with internet-enabled, free-for-download, no-knowledge-required exploits.
You can catch and arrest a malicious insider if the losses start adding up. You can't just arrest the entire US.
kind of right - the suppliers to the banks are hammered on cost, and they tend to be more engineering-type companies that have to cut costs all the time.
:)
However, the banks are simply super conservative. I wrote a system to transmit credit card logs to an acquirer over FTP, which to the bank was cutting-edge technology. The *only* reason it was implemented was that the old transmission system was not y2k compliant.
that does suggest a bit better security - how many hackers can hack Cobol code, or an obtuse transmission protocol that hasn't been used for 20 years?
For the accounting - accountants read every bean that goes through the system (they like that). If anything happened, they'd start squawking and something might be done - a bit late perhaps, and maybe the missing cash would be written off, but you can guarantee they'd know about it.
Embedded Windows in ATMs will likely be highly locked-down unlike consumer versions of the OS. The notion that "windows" somehow automatically means a worm will hit and you'll get "free cash" is just plain stupid and just more FUD.
I'm amazed at what some of the comments on this thread are saying about cheapness in financial institutions as, from my experience, the absolute opposite is true. Having worked at Morgan Stanley, Credit Suisse First Boston, UBS, BNP Paribas and Royal Bank of Scotland I can assure you that the big money firms do NOT cut corners when it comes to expenditure on IT.
I realise my experience is primarily in the investment banking sector but for the retail banking institutions to scrimp and save is ridiculous as most of them either have an investment banking arm, or are owned by an investment bank.
I call bullshit.
Don't worry, everyone stopped reading what you wrote at "Your."
I agree with your primary assertion -- the statistics you quote look like they were pulled out of thin air, at best.
OTOH, the >100% number isn't outside possibility:
In other words we will have 53% more Windows installation on banking machines than total number of banking machines on the planet.
If the number of banking machines itself doubles by 2006, then it will be no problem to install Windows on 1.53 times as many machines as are in place now. That's not to say they accounted for that in the stats you mentioned, of course!
Lies, damned lies, and statistics, right?
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.