Slashdot Mirror
Windows ATMs by 2005
An anonymous reader writes "O'Reilly Developer News is running a brief on how the banking industry will be running a stripped down version of windows on 65% of its ATM machines by 2005. On a morning when I'm receiving the latest windows virus in my inbox every five minutes I feel very comfortable with this."
Holy cow! Can you say, "Free cash!"
Just stand in front of ATM the next time a worm rocks through and watch it start spitting out bills.
ROFL!!!!!!!!!!!!!!!!!
From the Wired article:
.dll that gets hacked?
But one of Anderson's colleagues, Bruce Schneier, chief technology officer at security monitoring and consulting company Counterpane Internet Security, dismissed this [money-dispensing virus] scenario. He pointed out that the machines would not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment. Because the machines have no peripherals like floppy disks, it would be difficult for a cracker to install code or steal information.
Of course, everyone knows that ATMs have no communications links of any kind. It's just a box full of money with a power plug, right?
Duh! The ATM communicates with the bank, with the ATM user, *and* with the maintenance staff.
* The bank connection is some sort of comm line. Put encryption on it and maybe it's safe. But what happens when it turns out they've used some Win-standard encryption
* The customer sticks a card in and punches buttons. This is reasonably safe now, when you have little more than a numeric keypad with "Cancel" and "Enter" buttons. But the more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
* Finally, the maintenance staff has "root-like" physical access to the system. Sure, you have to get past some heavy-duty locks to get to the control panel inside the machine. Big deal, lots of crooks know how to pick locks... how many, though, know OS/2? But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades), and dispense free, untracable cash whenever someone inserts an ATM card with magic cardno "1111-2222-3333-4444".
Perhaps using OS/2 was a way of de facto "security by obscurity". Installing Windows is more like "security by crossing-your-fingers".
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
We have them in the UK already - the sight of ATMs showing an NT4 logon screen is not uncommon...
You must not reboot to receive your cash.
134340: I am not a number. I am a free planet!
Um.... a good number of ATM's issued by a large bank I used to code for run NT 4.0. This isn't late breaking news.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
A FATAL EXCEPTION 0$ HAS OCCURRED.
Please contact your financial administrator
See the Pictures of the Flood of '08
... Debt.
Windows on an ATM - already happening. Already
getting errors.
i think this is less of a concern than it is made out to be. an ATM OS can be tested very rigorously much more easily than an entire OS (especially a bloated one). so i am not afraid of windows ATMs, security-wise. what i AM afraid of is how this lays another layer of brick that reinforces that MS monopoly - i hope some enterprising individuals offer a cheaper, features-competitive open-source system.
smd4985
"They have tried to cut out the unnecessary rubbish that clutters up the typical PC."
but.. but.. the article says they're running Windows.. now I'm confused.
Trolling is a art,
Here's the link I was looking for. Classic stuff!
If I get cash from an Microsoft ATM, do I have to put it in a Microsoft Wallet?
Two wrongs don't make a right, but three lefts do.
I Hate That!!!!
I'm sib888, and I approved this comment.
With the amount of local banks in my local area that are using unsecured (non-WEP) protected wireless access points on their local LAN, I wonder how long it will take for a RDC that tells the ATM to spit out money?
There are security updates that take months for companies to patch on their local servers & workstations... how will a known security vunerability be fixed on a "stripped" version of 2K or NT in an ATM, and how long do you think it will take them to impliment these updates, if they can update them at all?
I'm not sure of actual numbers, but I recall that IBM is heavily invested in Diebold, a major ATM manufacturer. I also recall that a large percentage of ATM machines run OS/2.
If this is true, I would expect IBM to be pushing a linux-based solution.
But then again, who knows what the banks want to buy? I just got a letter last week from my bank informing me that "for my security" they will be requiring online banking customers to use 128 bit encryption. Ack! 1998 called, they want their security back!
Take your pick:
http://zem.squidly.org/bsod/
http://www.piemaster.co.uk/gallery/BSOD
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
As someone who has used and stood in line to use one of these machines, let me just say that they are a far cry from the efficiency of the current ATMs. Just on a rough estimate, it takes 3-4 times longer for your average Joe Sixpack to make a transaction.
From my own experience, and knowing what I'm doing, the OS runs a good bit slower than the tried and true green on black systems. Top that off with the annoying pointy finger and IE "click" noises, and you have an example of change for change's sake.
Of course, the only reason at all they seem to be using this new system is so they can bombard you with advertising while you're using the machine.
All and all, a bad change all around.
I thought Microsoft had already convinced the courts that you couldn't strip these "vital components" of the OS out.
A friend of mine took these photos of a Win NT Natwest cash machine shutting down.
This is a bit worrying.
Looks like it's time to pull all the cash out of the banks and go back to the Bank of Between The Matresses. Last thing we need is a stupid windows worm to have a huge impact on the finances of the United States (or any other countries that use this scheme).
Oh, and out of spite, i'll figure out a way to make my bed run FreeBSD* or something.
[*]"BSD" always makes me think of something like Bondage/Sado-Domination or something.
do() || do_not();
This is nothing new, certain banks have had NT running as for atms for a while now. Hell, the subway card dispensing machines in NYC run NT as well as the entire line of NJ Transit ticket-dispensing machines. So dont go off making silly comments of doom and destruction since guess what, they're already here and have been for a while! This is not to say that things cannot go wrong (I see the above mentioned machines being serviced fairly often and they do get errors), but lets not get too dramatic.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
From Microsoft on how ATM works...
...
...
ohhhhh... you mean... gotcha... nevermind.
I understand the standard windows=bad theme for slashdot postings, but think about it for a minute. It's in a box that's locked up tight, many with cameras around, not connected directly to the internet... so really... is there any significant security issue to worry about any more so than with the other ATMs around?
Man, you guys are like Pavlov's dogs. Taco rings the Microsoft story bell and out comes the rhetoric-spouting zealots. Sure, your points are valid security concerns. But they sure as hell aren't specific to Windows. Time for rebuttals...
.dll that gets hacked?
Point 1 - Comm line: But what happens when it turns out they've used some Win-standard encryption
Ah yes, God knows non-Windows communications software never has exploits (it's a link to the SSH exploit story).
Point 2 - UI: The more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
Uh, this is specific to Windows how? Microsoft isn't going to be writing the interface, the ATM companies are. And they'd be writing the EXACT same interface on whatver platform you want them to use.
Point 3 - Physical Access: But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades)
Guess what - the best hackers out there are more familiar with non-Windows OSes than they are with Windows. TiVo runs Linux and it's had the shit hacked out of it. ReplayTV, while still hackable, hasn't had nearly the level of "unofficial" customization. It's a lot easier to muck around with software if you have the source to it.
Now, I'm not saying that Windows is more secure than other OSes. That thought is absurd. My point is that in a very tightly controlled environment, it can be just as secure as the next OS. My other point is that you guys are fucking insane with anti-MS zealotry. Why don't you try looking at the world without that chip on your shoulder.
I work with a lot of embedded controls systems and the use of Windows with these systems (for Human Machine Interface, data gathering, etc) is increasingly common. The security concerns related to viruses and worms are also more common.
Back when more of these systems used Unix, VMS, etc, it was not a big concern. The environment was so heterogeneous that you didn't need to worry. Now that everyone is running Windows, it becomes a huge problem.
I've been helping several of my customers lock things down and better isolate their control systems. There are plenty of ways to do this effectively but it only takes one careless tech to screw the whole thing up. While I'm confident that I can develop the infrastructure and procedures to protect the systems, I'm not confident that the procedures will be adhered to.
This has become such a large concern that many of them are reevaluating their purchasing decisions and considering turning away from Windows. The problem is that nearly all of the vendors are now producing Windows only solutions.
I would like to say that there would likely be similar problems if everyone was running Linux. While you can lock things down when you start to put the systems into the hands of less sophisticated users you will have the same problems. I see this as more of a user problem than a technology problem. The reason that these worms and viruses spread so fast is that users are not taking the procautions that they should.
Anecdotal support for this argument can be found at any large LAN party. There are always a number of bozos running Red Hat infected with all kinds of crap because they have no idea what they are doing.
You can give two guys the best woodworking equipment in the world and the best wood. One will produce an heirloom and the other will be in the emergency room getting his fingers sewn back on. There are more of the latter than the former in this world.
Guys... you have to realize these ATMs (unix, windows, other) are NOT on the public internet. They're not even on the same network as the workstation computers inside the bank. They may not even be using the same protocols, but I don't know about that.
The fact that they run Windows doesn't honestly mean much to me, because if the security experts in those banks are stupid enough to connect an ATM (or any number of other important machines internally) to any sort of public network... they're gonna get fucked at one point or another.
How often do you think a UNIX ATM's kernel/packages gets patched to fix that latest overflow discovered? Probably never.
no comment
can you imagine 60% of the ATMs in your city hitting windowsupdate.com all together?
what about 60% of the ATMs in the US hitting it?
Damn, we'll have to rename the slashdot effect into ATMeffect
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
Now this just doesn't make sense. Sure, I'd agree with a need to upgrade from OS/2 - even finding a way to put new software on OS/2 is going to get hard as time goes on. But why the decision to go to Windows rather than a sensible decision like embedded Linux, QNX, heck ANYTHING but Windows...
Windows does not provide the needed security, stability, or reliability needed for these applications. It does not provide real-time features that could allow certain security guarantees. The quoted reason, compatibility with "internal corporate networks" doesn't even make sense. Writing an interface for the functionality that ATMs provide might be an interesting project for an undergraduate intro-to-programming class. It's not like ATMs need to interoperate with the company Outlook Exchange server...
This sounds like a bunch of ignorant suits were herded into a room by MS salespeople and told the "benefits" of XP Embedded. I seriously doubt that anyone experienced who put any technical thought into the matter would decide to use Windows for ATMs.
-3Suns
~~~~
The Revolution will be Slashdotted
From a bank marketing analyst explaining the migration of ATM OS to windows:
"With open technologies it is easier to run different types of hardware on the same software."
and that's right, he's referring to Windows as 'open' technology.
Banks are merging and acquiring different machines, and tired of writing changes a half dozen times or more. yet they're going with the high cost option, instead of the obvious one.
a -security- company -CTO- exec gets a runner up prize for 'Dumbest Thing a Security Consultant Could Possibly Say' by suggesting that the ATMs wouldn't be vulnerable to the myriad MS worms and viruses because they dont work online.
this not even a year after Slammer -did- manage to shut down many ATMs which -also- were not online.
This Wired article reads like an Onion article.
// "Can't clowns and pirates just -try- to get along?"
In Sweden, at least one major bank has used MS-DOS for their ATM:s. I saw one of these in a "funny" state (late 1999, I think) and of course took some shots...
:)
Images here
The server is a powerful Pentium 120 with a whopping 40 MB of RAM, so if it's slow, just keep banging on it..
Yeah, they have built in failsafes to keep this from happening. Just like the power companies have built in failsafes to keep a massive blackout from occuring.
I'll start working on modifying my ATM card's magnetic strip to overflow the ATMs card reader.
I think you were being funny but I actually develop ATM software and some of the code I have inherited from the previous idiots would have been succeptible to exactly that. It wouldn't get you any money unless you knew the internal protocols for dealing with the cash dispenser in addition to knowing how to exploit a buffer overflow (in which case you would likely know 10 other/better/easier ways to rip it off) but that is almost certainly a hole in more than a few machines out there.
The latter scheme seemed dubious; the chain-letter like WARNING on the machine, and the insertion sensors on card slots I can't see allowing something jammed that far into them. Plus this was at a gas station deep in suburbia where hanging around the ATM would be suspicious, and where the ATM was in a corner making its use a complete screen of the keyboard.
This scam is called the lebanese loop, and involves installing a thin bit of wire into the card slot, which jams the card in there. This of course stops the ATM from actually doing anything, but a kind gentleman behind you suggests that maybe you should input your PIN a second time. While he is shoulder surfing. This of course doesnt work, and the ATM refuses to give your card back, mainly because it actually cant :)
Then you give up, wander into the bank to complain, and he has extracted your card (easy if you know how with these things) and run off to another ATM in the locality to quickly drain your account of everything he can get.
This scam has been ran a number of times in my town, and people keep getting caught out, even tho there are now massive warnings on the ATMs.
So, are you posting from that ATM right now?
In many european countries ATMs have a secure cryptographic device attached, which stores all cryptographic keys used to encrypt data between the ATM and the ATM server. All cryptographic computations are made in that device and it is designed to "erase it's memory" if someone tries to pull it out or do something weird.
:-) :)
:-) ). The specific drivers exist and also the engineering skills. Moreover banks are very conservative, some still have DOS or OS/2 ATM's so they stick to stuff they know (usually not your favorite free OS).
Normally, the PIN you type is directly transfered (encrypted) to the secure device and does not go through the PC memory. So your PIN is pretty safe from any virus or trojan horse.
These requirements are imposed by VISA/Mastercard, because they take PIN security very seriously.
The remaining risk comes from an insider who would put a trojan horse in the ATM such that it would dispense cash automatically for example if you type a certain key combination
This does not endager your PIN though or any transaction. It's basically a problem for the bank
This is a rather complex attack, even if you have Windows, OS/2 or linux on the ATM (Windows might just make it easier). The hard part is getting into the system (these machines don't run any standard services and there are access control policies). There are easier and less dangerous ways to get money from the credit/debit card systems than hacking into an ATM in a protected environement.
One of the reasons they use windows is because it's the cheapest alternative (YES! Shock!
Unfortunately, this is what's happening. Microsoft has done the same with banks as what they've done with most corporate entities -- 'bid' systems and training to them. The deal is that most banks store information in MS databases, most Internet bank interfaces are ASP applications (.NET will make this worse). Whether or not it's 'secure enough' is not a question...
4 1775 for a good discussion about how credit/ATM cards work and links to many resources on the subject).
Believe it or not, there are people who get paid very well to administrate Windows computers and they like Windows very much.
I'm not sure how hackable these machines will be either. ATMs use either dialup or ISDN connections to communicate centrally with banks, so they're not going to be on any public network (check out http://answers.google.com/answers/threadview?id=2
Additionally, there isn't much room for hacking an ATM... I mean, without taking the thing apart, you have 21 keys maximum (4 - 8 keys to choose options on the screen, 10 keys for numbers, an OK key, cancel transaction key and backspace key) on most machines. Without opening the thing up, you're not going to get very far.
While Windows may not be secure over a public network with all sorts of services running, on a private direct connection with solid software, there's really no vulnerability here. You should learn a little more about how these machines work... they're not on some wide-open network hole waiting to be exploited.
ATM transactions are also encrypted, and I think we all agree that Microsoft is definitely pro-encryption.
So, before we go bitching about MS getting their stuff put on ATMs, I think we should look at the online interfaces to our accounts which are much more insecure than any ATM that will have Windows (and all the posts here seem to just be whining about how insecure it will be). I guarantee that you losing your ATM card is the most insecure thing that can happen in this regard without taking the ATM apart. A UNIX-based machine would be potentially just as vulnerable if you consider this possibility.
On the other hand, I think poorly written online banking software accessible through web-browsers on any platform is more of a security threat to your banking.
On a final note, in the Netherlands, anyway, banks give you this little device that you put your card in and it generates a hash that you have to type in every transaction. Is anybody aware of what is actually being hashed? I wouldn't think it's any private data on the card, because several banks don't require you to insert the card into the device. The best I can tell it's simply a couple of hashing algorithms hashing the current time (with about a 30 second period -- i.e. two hashes within n seconds generate the same hash) and... ? The PIN? Not sure.
Anyway, food for thought for you overly-hyped cynical freaks.
www.sitetronics.com/wordpress
I've had a picture of this ATM for the past 5 years on my website :)
<grub> Reading
Well, this goes to prove that Microsoft's claims in court that Windows was so tightly integrated into a single monolithic system are false. Obviously if the system is still functional enough to provide the frameworks needed to run ATM software and a modern user-interface, after being stripped down, then the same is certainly possible for mainstream use. In fact, it's likely that the reason it is stripped down is because superfluous features are a risk. Internet access and DirectX can also be seen as superfluous features.
Of course, this comes after the fact. So maybe you could argue Windows has been re-architectured since the legal trouble, but I doubt anyone with a knowledge of complicated software engineering and familiarity with Microsoft's code bases could say that under oath.
I have had the recent pleasure of watching the V-Com ATM machines being installed in our local convenience stores. They are PC's controlling the system, using Internet connections over TCP/IP to communicate, running Windows NT Workstation 4.0 SP6a. They have a custom keyboard missing the CTRL, ALT, and other state keys, and a touch screen interface to boot. And they can be crashed so easily it goes beyond funny to just plain sad.
The tech doing updates opens the bay, plugs in a regular keyboard, logs on to an e-mail account, and runs the patches distributed that way.
Not something I really would trust with my money!
You can have it fast, accurate, or pretty. Pick any 2.
Device Estonian folks used was actually quite sophisticated. I saw short clip of it on YLE News on TV back then. From later news transmission that part where electronics and construction of device were shown was removed and on the one time they showed it some police came and moved device away from cameras. Guess cops said you're not allowed to show that on TV.
These are facts:
Device had card reader. It was placed on front of real card slot so when you inserted card magnetic stripe was read.
People who's cards got copied said it was difficult to get card out from ATM machine. This was because after transaction ejected card was partially blocked by extra reader device those guys installed.
Keypad had kinda sticks on bottom so when you pushed number on spying keyboard it pushed real button under it at the same time. Electronics connected to fake keyboard recorded your PIN and saved it to NVRAM among content of magnetic stripe it just read as well.
Card reader was connected to keypad module that had most of electronics using cable. Cable was covered with square plastic housing to keep it less obvious what was going on.
Since you got your money from ATM no-one suspected anything fishy until day or two later when your bank account was empty.
Crooks were waiting on nearby car. After some
time they went to ATM and removed their device.
Ok, those were facts. There were some claims that device had also WLAN or some other wireless connectivity so card numbers and PIN codes would have been transferred to crooks realtime. However I think that's just rumour.
Device had factory made looking PCB inside. Probably some SBC development thingy.
If there's someone with Helsingin Sanomat archive access you could probably find more details from there. HS is Finnish newspaper so that part was for finnish readers.
No-one in charge ever seems to take a second look and ask "do we really need a multi-GHz processor and OS just to decode a PIN and dispense cash?". I know Windows is ubiquitous, and seems like the safe option. But it's overkill, and any time you install way more computing power than you need, you're being wasteful, as well as taking a risk. Of course it has been amply demonstrated that Windows is NOT SECURE no matter how much the Microsoft salespeople claim otherwise. Note, I'm not saying Linux is necessarily better. I'm questioning the need for a full-blown OS at all, in these applications. Hell, I could build a simple ATM using hardwired logic gates. Installing a known-insecure consumer OS in a mission-critical application is fscking stupid, and it will cause problems. The people that make these decisions are simply hoping that they'll be promoted far enough up the ladder before it happens that someone else takes the blame.
I know the reason this happens is that by using a standard system it's much cheaper; you just have to find some VisualBasic code-monkey and whip up an application. Fundamentally, the problem is that the cost of this kind of insecurity is a) not immediately apparent and b) not born by the company. The costs associated with a cracked ATM will just be passed on to the consumer. The cost of the blackout will similarly not hurt the stockholders of FirstEnergy.
The simple truth is that sometimes you need regulation and enforcement; if there wasn't an FAA you can bet your life that 777's would run on Windows XP by now, with a literal BSOD on a weekly basis. OK, that's a bit extreme. But let's look at that situation as an example... I know reliable flight-control software is expensive, so let's assume that if allowed, some company would be tempted to use cheap off-the shelf equipment and software, thus making a cheaper plane. Pretty soon they would outcompete other builders (the margins are pretty thin on those things). Remember, if the only planes available were ones that ran XP, you as a consumer would have no choice as to what you flew. If every airline had a crash that often, there would be no competive pressure to improve (that's "just a cost of doing business"). The point I'm trying to make is that sometimes competive price pressure results in a "race to the bottom" in terms of safety, quality, or reliability. I suspect that's what we're seeing here.
Human genome = 3 billion base pairs = 6 GBit. Windows + Office = 20 Gbit. Which is more impressive?
The people that make decisions are worried most about how much it's going to cost.
And you don't think it's conceivable that someone will decide that the cost of losing billions upon billions of dollars when the Windows+TCP/IP+internet connection machines are hacked isn't worth it?
They may not be very security-savvy, but they won't do a massive rollout that will leave them with a nationwide network of completely broken ATMs that divulge money at the drop of a hat. Insider addition of malicious code, while a pain, doesn't even begin to compare cost-wise with complete public access to machines with internet-enabled, free-for-download, no-knowledge-required exploits.
You can catch and arrest a malicious insider if the losses start adding up. You can't just arrest the entire US.
A little over a year ago, I went into my bank to get $20 for lunch or something. I put my card in, typed my pin number, selected which account to get money from, and the amount.
Then all of a sudden, the screen went blue. I stared in disbelief for a moment, then a boot sequence began to display on the screen. And what did I see on the bottom of the screen, but the Microsoft trademark. I couldn't believe it. I had been bluescreened at the bank. I had to get the bank to credit the money back to my account and to get my card back (which I couldn't get back for a couple of days). So I guess you could say that I am less than thrilled about Windows running ATM's.
IANAL... But I play one on
I had the opportunity of watching one of the local banks put in an ATM at the mall. The machine had a full PC in it, along with a modem of some sort (DSL? ...I wasn't asking questions).
They installed and set up Windows 98 and then put a Java virtual machine on it...version 1.3.1 for that machine. The ATM software was built in Java.
So...what is the point of that? Why pay for a Windows license and deal with their BS? If you are just going to run a Java application, why not pick a free OS and use Java on that? What was the "value added" by Windows?