Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows ATMs by 2005

Posted by michael on from the blue-screen-of-no-money dept.

An anonymous reader writes "O'Reilly Developer News is running a brief on how the banking industry will be running a stripped down version of windows on 65% of its ATM machines by 2005. On a morning when I'm receiving the latest windows virus in my inbox every five minutes I feel very comfortable with this."

23 of 802 comments (clear)

  1. Three Major Vulnerabilities by RobertB-DC · · Score: 4, Insightful

    From the Wired article:
    But one of Anderson's colleagues, Bruce Schneier, chief technology officer at security monitoring and consulting company Counterpane Internet Security, dismissed this [money-dispensing virus] scenario. He pointed out that the machines would not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment. Because the machines have no peripherals like floppy disks, it would be difficult for a cracker to install code or steal information.

    Of course, everyone knows that ATMs have no communications links of any kind. It's just a box full of money with a power plug, right?

    Duh! The ATM communicates with the bank, with the ATM user, *and* with the maintenance staff.

    * The bank connection is some sort of comm line. Put encryption on it and maybe it's safe. But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?

    * The customer sticks a card in and punches buttons. This is reasonably safe now, when you have little more than a numeric keypad with "Cancel" and "Enter" buttons. But the more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?

    * Finally, the maintenance staff has "root-like" physical access to the system. Sure, you have to get past some heavy-duty locks to get to the control panel inside the machine. Big deal, lots of crooks know how to pick locks... how many, though, know OS/2? But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades), and dispense free, untracable cash whenever someone inserts an ATM card with magic cardno "1111-2222-3333-4444".

    Perhaps using OS/2 was a way of de facto "security by obscurity". Installing Windows is more like "security by crossing-your-fingers".

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    1. Re:Three Major Vulnerabilities by RobertB-DC · · Score: 3, Insightful

      um, did you _read_ the article?

      I know the article says the machines "have no peripherals". But that's 100% bogus.

      What, they're going to swap out the hard drive each time they want to add a new flavor of soda pop to the menu? Remember, they're pushing ease of upgrades -- that means that there's going to be some user-friendly way to update the ATM with the latest doodads.

      That's why I say it'll have a USB port, or a floppy, or perhaps a CD-ROM behind the maintenance door. The alternative is to allow the ATM to be programmed remotely via the comm line... and tell me how that is any different from being "connected to the internet" when the PC on the other end is part of the corporate intranet.

      Yes, it will be possible to make these systems hack-proof (or at least hack-resistant). But hack-proofing decreases user-friendliness, and some bank somewhere will choose the wrong priority when designing their Windows-based ATM system.

      --
      Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    2. Re:Three Major Vulnerabilities by koniosis · · Score: 3, Insightful

      OF course because its running a version of "Windows" its insecure!?!

      Thats just not true, the Windows 2000/XP kernel is secure, just because other programs that run in kernel mode or have rights to the system aren't doesnt't mean that Windows is insecure as a cut down OS. How complicated can a cash dispensing program be?? You can bet your ass that they've tested this stuff to death. Its going to be secure, its not going to be running Outlook or other Windows hacking prone applications.

      Please Please Please people don't just state that if something has M$ stamped on it that it'll be hacked or buffer overflowed to oblivion. Microsoft is a HUGE company with many resources, if they invested enough time and money into one program they would iron out all the issues. And since an ATM is so cut down it cannot possibly be that hard to secure it (come on admit it). As for additional stuff like checking lottery numbers etc, that sort of thing would run in a restricted user mode, therefore not allowing it access to the cash dispensing, most likely if they had any sense in a sand box like java or .net.

      M$ is inherintley evil, but not as bad as you may think.

      --
      I spent ages trying to think of sig, but never did :(
    3. Re:Three Major Vulnerabilities by twisty7867 · · Score: 5, Insightful

      Your arguments are foolish on the face.

      * The bank connection includes federally mandated encryption. The FFIEC (Federal Financial Institutions Examination Council) specifies the exact standard of encryption used. by the way, have you notice that there are no "Windows standard" encryption schemes anyway? They are all industry standards.

      * Buffer overrun exploits also rely on unchecked input - if input is screened to a limited variety of characters few if any buffer overrun exploits would be possible.

      * Finally, the maintenance staff has *gasp* physical access to the cartridges of cash loaded into the machine. Why the hell would they bother with a virus when they can just take the money and wander off? The basic premise of any bank is that you can trust the employees not to take the money. As someone who has worked for financial institutions for most of his career, I can tell you without a doubt that anyone who violates this trust is detected and dealt with in a quick and harsh fashion.

    4. Re:Three Major Vulnerabilities by larien · · Score: 4, Insightful
      Oh, wait - the machine it connects up to would be a large mainframe that runs 1/2 the speed of the slowest PC, and written entirely in COBOL - I forget these things about the stogy old banks we know and love.
      On the other hand, how often does that mainframe crash?

      People forget that mainframes have a completely different design object in mind; these systems CANNOT tolerate ANY downtime, not even for half a second. Also, you CANNOT tolerate losing even one transaction, as it may be a billion dollar transfer between accounts. These things are over-designed to the nth degree, with very good reason. Part of that over-design means they can't use the fastest technology around.

      As for using COBOL, this will be code that is known to be accurate and error-free; again, you don't want to trust billions of dollars to something untested.

      Now, as for why they're thinking of switching to Windows for ATMs, I really can't fathom; is there some problem with their current systems? The articles seem to imply it's because Windows is "open"; why not use linux (or OpenBSD) instead? Then they can tinker with everything to their heart's content and customize all they want.

  2. as much as i hate defending MS.... by smd4985 · · Score: 4, Insightful

    i think this is less of a concern than it is made out to be. an ATM OS can be tested very rigorously much more easily than an entire OS (especially a bloated one). so i am not afraid of windows ATMs, security-wise. what i AM afraid of is how this lays another layer of brick that reinforces that MS monopoly - i hope some enterprising individuals offer a cheaper, features-competitive open-source system.

    --
    smd4985
  3. Biggest pet peeve by sib888 · · Score: 5, Insightful
    Automated Teller Machine Machine?


    I Hate That!!!!

    --
    I'm sib888, and I approved this comment.
  4. Wireless Security & updates by Dugsmyname · · Score: 4, Insightful
    I've got 2 questions concerning security:

    With the amount of local banks in my local area that are using unsecured (non-WEP) protected wireless access points on their local LAN, I wonder how long it will take for a RDC that tells the ATM to spit out money?

    There are security updates that take months for companies to patch on their local servers & workstations... how will a known security vunerability be fixed on a "stripped" version of 2K or NT in an ATM, and how long do you think it will take them to impliment these updates, if they can update them at all?

  5. Re:Fatal Exception by I8TheWorm · · Score: 4, Insightful

    A lot of truth to that... but that's generally because of a bad software developer.

    As a long time Windows developer, I would have to say that, for a great many painfully obvious reasons, Linux would be a better choice for this. It's cheaper, more reliable in that a developer can see the source code, and see what it's trying to accomplish, has nice GUI's, and many development platforms to choose from.

    Even though the article says they would run on a stipped down version of Windows, Linux takes up a much smaller footprint and runs faster, so older/cheaper hardware could be used without any concern.

    With large banks trying to cut costs/increase earnings (anyone tried to cash a payroll check at a large bank recently? "that'll cost you $5, sir") I find it hard to believe that they would choose the more expensive OS to run their software.

    --
    Saying Android is a family of phones is akin to saying Linux is a family of PCs.
  6. Re:Viruses? by jcknox · · Score: 3, Insightful

    I thought Microsoft had already convinced the courts that you couldn't strip these "vital components" of the OS out.

  7. How about we already have ATMs running windows by quantax · · Score: 4, Insightful

    This is nothing new, certain banks have had NT running as for atms for a while now. Hell, the subway card dispensing machines in NYC run NT as well as the entire line of NJ Transit ticket-dispensing machines. So dont go off making silly comments of doom and destruction since guess what, they're already here and have been for a while! This is not to say that things cannot go wrong (I see the above mentioned machines being serviced fairly often and they do get errors), but lets not get too dramatic.

    --
    "What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
  8. Re:Mo Money! Mo Money! Mo Money! by sphealey · · Score: 5, Insightful
    f you completely disregard that most ATMs don't have built-in TCP/IP stacks-- even the ones that communicate via CDPD, or cellular to internet use a transmitter that works through a serial port and sends an encrypted stream of data to the processor-- Most ATMs are designed to go balls-up at the first sign of trouble and shut themselves down after sending detailed error messages to their owners via leased line
    The problem being that once a commercial technology ("commercial off-the-shelf" or COTS in milspeak) starts to leak into a closed architecture application, it becomes almost impossible for manufactuers to resist the pressure to use all the features of the commercial technology to reduce cost.

    If Vendor A makes an ATM that uses propriatary closed architecture and its units cost $125,000, while Vendor B uses Windows but its units cost $110,000, guess who is going to win the bids? So Vendor A goes to Windows + TCP/IP and gets down to $100,000/unit. Vendor B then responds with Windows + TCP/IP + "Internet connection to eliminate costly leased line charges". Guess who will win that bid? And there we are - the security of a closed system gone in three rounds of bidding.

    Now perhaps that example is bad, because there might be regulations in the financial industry to prevent it. And such regulations might even be enforced. But then again, if Enron or Dick Cheney had bought a large ATM network...

    sPh

  9. Is security really an issue here? by verbatim_verbose · · Score: 5, Insightful

    I understand the standard windows=bad theme for slashdot postings, but think about it for a minute. It's in a box that's locked up tight, many with cameras around, not connected directly to the internet... so really... is there any significant security issue to worry about any more so than with the other ATMs around?

  10. Pavlov's geeks... by ryanvm · · Score: 4, Insightful

    Man, you guys are like Pavlov's dogs. Taco rings the Microsoft story bell and out comes the rhetoric-spouting zealots. Sure, your points are valid security concerns. But they sure as hell aren't specific to Windows. Time for rebuttals...

    Point 1 - Comm line: But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?

    Ah yes, God knows non-Windows communications software never has exploits (it's a link to the SSH exploit story).

    Point 2 - UI: The more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?

    Uh, this is specific to Windows how? Microsoft isn't going to be writing the interface, the ATM companies are. And they'd be writing the EXACT same interface on whatver platform you want them to use.

    Point 3 - Physical Access: But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades)

    Guess what - the best hackers out there are more familiar with non-Windows OSes than they are with Windows. TiVo runs Linux and it's had the shit hacked out of it. ReplayTV, while still hackable, hasn't had nearly the level of "unofficial" customization. It's a lot easier to muck around with software if you have the source to it.

    Now, I'm not saying that Windows is more secure than other OSes. That thought is absurd. My point is that in a very tightly controlled environment, it can be just as secure as the next OS. My other point is that you guys are fucking insane with anti-MS zealotry. Why don't you try looking at the world without that chip on your shoulder.

  11. Security concerns spreading by nomadicGeek · · Score: 4, Insightful

    I work with a lot of embedded controls systems and the use of Windows with these systems (for Human Machine Interface, data gathering, etc) is increasingly common. The security concerns related to viruses and worms are also more common.

    Back when more of these systems used Unix, VMS, etc, it was not a big concern. The environment was so heterogeneous that you didn't need to worry. Now that everyone is running Windows, it becomes a huge problem.

    I've been helping several of my customers lock things down and better isolate their control systems. There are plenty of ways to do this effectively but it only takes one careless tech to screw the whole thing up. While I'm confident that I can develop the infrastructure and procedures to protect the systems, I'm not confident that the procedures will be adhered to.

    This has become such a large concern that many of them are reevaluating their purchasing decisions and considering turning away from Windows. The problem is that nearly all of the vendors are now producing Windows only solutions.

    I would like to say that there would likely be similar problems if everyone was running Linux. While you can lock things down when you start to put the systems into the hands of less sophisticated users you will have the same problems. I see this as more of a user problem than a technology problem. The reason that these worms and viruses spread so fast is that users are not taking the procautions that they should.

    Anecdotal support for this argument can be found at any large LAN party. There are always a number of bozos running Red Hat infected with all kinds of crap because they have no idea what they are doing.

    You can give two guys the best woodworking equipment in the world and the best wood. One will produce an heirloom and the other will be in the emergency room getting his fingers sewn back on. There are more of the latter than the former in this world.

  12. Not as big a security risk as you guys think by zapp · · Score: 4, Insightful

    Guys... you have to realize these ATMs (unix, windows, other) are NOT on the public internet. They're not even on the same network as the workstation computers inside the bank. They may not even be using the same protocols, but I don't know about that.

    The fact that they run Windows doesn't honestly mean much to me, because if the security experts in those banks are stupid enough to connect an ATM (or any number of other important machines internally) to any sort of public network... they're gonna get fucked at one point or another.

    How often do you think a UNIX ATM's kernel/packages gets patched to fix that latest overflow discovered? Probably never.

    --
    no comment
  13. Very questionable logic... by 3Suns · · Score: 3, Insightful
    From the article...
    He concluded the banking industry is ready to scrap IBM's OS/2 operating system, which powers most ATMs today. They would prefer Windows, a platform they consider "open" in that it is compatible with their internal corporate networks. Also, it's so ubiquitous that they can add features to all their ATMs without having to write multiple pieces of code for different machines.

    Now this just doesn't make sense. Sure, I'd agree with a need to upgrade from OS/2 - even finding a way to put new software on OS/2 is going to get hard as time goes on. But why the decision to go to Windows rather than a sensible decision like embedded Linux, QNX, heck ANYTHING but Windows...

    Windows does not provide the needed security, stability, or reliability needed for these applications. It does not provide real-time features that could allow certain security guarantees. The quoted reason, compatibility with "internal corporate networks" doesn't even make sense. Writing an interface for the functionality that ATMs provide might be an interesting project for an undergraduate intro-to-programming class. It's not like ATMs need to interoperate with the company Outlook Exchange server...

    This sounds like a bunch of ignorant suits were herded into a room by MS salespeople and told the "benefits" of XP Embedded. I seriously doubt that anyone experienced who put any technical thought into the matter would decide to use Windows for ATMs.

    --

    -3Suns

    ~~~~
    The Revolution will be Slashdotted
    1. Re:Very questionable logic... by syle · · Score: 4, Insightful
      This sounds like a bunch of ignorant suits were herded into a room by MS salespeople and told the "benefits" of XP Embedded.
      You're exactly right, and I'm not sure how sarcastic you intended that to be, but it's the perfect truth of the matter. What it comes down to is that none of the top 10 banks in the U.S. would ever seriously consider something that an undergrad in an intro-to-programming class could write.

      It comes down to (1) liability, (2) how well it works, and distantly (3) price. In that order. Most large resellers who would be installing these systems don't use Linux, so they would never pitch it to the banks. Why? Because in the corporate world, everyone knows Windows works and everyone is happy with it. It's a no-brainer to use. What's linux? Who cares? They use Windows every day. When it breaks, they call someone who fixes it. They would view it as "taking a chance" on Linux, and they're not paid to take chances. Upgrading ATMs is probably a deal that takes 3-5 years from the initial start, and that's too much to risk on an OS that they've never heard of.

      As someone who has done troubleshooting for these type of systems, I'll tell you flat out, they don't care about security the same way you or I do. What they care about is whether they have someone to blame when it breaks. Sad but true.

      --

      /syle

  14. Re:Mo Money! Mo Money! Mo Money! by MarkusQ · · Score: 4, Insightful

    OS Crash? Error message, shut down.

    There's a level problem there. The problem with OS crashes is the application doesn't get a chance to decide what to do, and even if it did generally wouldn't have the wherewithall to do anything useful. Even impending power failure is easier to catch.

    -- MarkusQ

  15. Re:Mo Money! Mo Money! Mo Money! by AstroDrabb · · Score: 3, Insightful
    I know you are trying to be funny, but if you look at windows security now verses 5 years ago you will find that its drastically improved.
    Man you live in never-never land. Windows security has NOT gotten any better. The stability of the OS has finally gotten to an acceptable level, however the security has not. Have you been asleep for the last few weeks with the string of SEVERE holes in MS software for win2k, XP and 2003?
    Windows ATM will most likley be based on Windows XP/Embedded, which Microsoft are selling for around $3 a processor. Linux would probably cost much more than that because the bank would need to customize it for their needs and also need to pay experts to keep them running.
    You obviously did not read the article. It stated they will be using a stripped down version of Windows NT. Also, how in the world would Linux cost more? You can get it for free and use it without license cost. Whether you use Linux or Windows on the ATM's, it WILL require experts. Period. When you deal with that much cash across the country you will not trust the development to some ASP/VB windows coder.
    Windows ATM on the other hand needs no kernal patches ever time a problem is found you can just download a hotfix from their site, this requires no experts and lowers the TCO. This might also be scriptable with WSH (windows scripting host). Microsoft are not stupid if they are making a windows version for ATMs they will *Make sure* it is 100% secure.
    Windows needs tons of patches and reboots, where as Linux does not. You just download a patch, apply it and your done. What brain dead idiot would use WSH to do ANYTHING on a critical ATM machine? Oh, and MS has NEVER made anything 100% secure. There has never been a 100% secure system from anyone.
    --
    If Tyranny and Oppression come to this land,
    it will be in the guise of fighting a foreign enemy. -James Madison
  16. Re:Mo Money! Mo Money! Mo Money! by spruce · · Score: 5, Insightful

    You're forgetting that there are actaully some smart people in the banking industry that will realize that having your ATM's running windows hooked up to the internet is a bad idea. The people that make these kinds of decisions are not fools.

  17. This just makes no sense... by RayBender · · Score: 3, Insightful
    This is the fourth similar story in the past month or so: first it was electronic voting machines based on Windows, then a nuclear power plant monitoring system, then the possibility that the big blackout was partially caused by the Blaster worm interfering with control computers, and now ATMs. In each case you have techies saying "this Windows thing is a baaad idea". However, they seem to be ignored - the suits, as well as a small number of Microsoft apologists - run blindly ahead thinking it's just a great idea.

    No-one in charge ever seems to take a second look and ask "do we really need a multi-GHz processor and OS just to decode a PIN and dispense cash?". I know Windows is ubiquitous, and seems like the safe option. But it's overkill, and any time you install way more computing power than you need, you're being wasteful, as well as taking a risk. Of course it has been amply demonstrated that Windows is NOT SECURE no matter how much the Microsoft salespeople claim otherwise. Note, I'm not saying Linux is necessarily better. I'm questioning the need for a full-blown OS at all, in these applications. Hell, I could build a simple ATM using hardwired logic gates. Installing a known-insecure consumer OS in a mission-critical application is fscking stupid, and it will cause problems. The people that make these decisions are simply hoping that they'll be promoted far enough up the ladder before it happens that someone else takes the blame.

    I know the reason this happens is that by using a standard system it's much cheaper; you just have to find some VisualBasic code-monkey and whip up an application. Fundamentally, the problem is that the cost of this kind of insecurity is a) not immediately apparent and b) not born by the company. The costs associated with a cracked ATM will just be passed on to the consumer. The cost of the blackout will similarly not hurt the stockholders of FirstEnergy.

    The simple truth is that sometimes you need regulation and enforcement; if there wasn't an FAA you can bet your life that 777's would run on Windows XP by now, with a literal BSOD on a weekly basis. OK, that's a bit extreme. But let's look at that situation as an example... I know reliable flight-control software is expensive, so let's assume that if allowed, some company would be tempted to use cheap off-the shelf equipment and software, thus making a cheaper plane. Pretty soon they would outcompete other builders (the margins are pretty thin on those things). Remember, if the only planes available were ones that ran XP, you as a consumer would have no choice as to what you flew. If every airline had a crash that often, there would be no competive pressure to improve (that's "just a cost of doing business"). The point I'm trying to make is that sometimes competive price pressure results in a "race to the bottom" in terms of safety, quality, or reliability. I suspect that's what we're seeing here.

    --
    Human genome = 3 billion base pairs = 6 GBit. Windows + Office = 20 Gbit. Which is more impressive?
  18. Exactly: Cost is key by stewby18 · · Score: 4, Insightful

    The people that make decisions are worried most about how much it's going to cost.

    And you don't think it's conceivable that someone will decide that the cost of losing billions upon billions of dollars when the Windows+TCP/IP+internet connection machines are hacked isn't worth it?

    They may not be very security-savvy, but they won't do a massive rollout that will leave them with a nationwide network of completely broken ATMs that divulge money at the drop of a hat. Insider addition of malicious code, while a pain, doesn't even begin to compare cost-wise with complete public access to machines with internet-enabled, free-for-download, no-knowledge-required exploits.

    You can catch and arrest a malicious insider if the losses start adding up. You can't just arrest the entire US.