Windows ATMs by 2005
An anonymous reader writes "O'Reilly Developer News is running a brief on how the banking industry will be running a stripped down version of windows on 65% of its ATM machines by 2005. On a morning when I'm receiving the latest windows virus in my inbox every five minutes I feel very comfortable with this."
Holy cow! Can you say, "Free cash!"
Just stand in front of ATM the next time a worm rocks through and watch it start spitting out bills.
ROFL!!!!!!!!!!!!!!!!!
From the Wired article:
But one of Anderson's colleagues, Bruce Schneier, chief technology officer at security monitoring and consulting company Counterpane Internet Security, dismissed this [money-dispensing virus] scenario. He pointed out that the machines would not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment. Because the machines have no peripherals like floppy disks, it would be difficult for a cracker to install code or steal information.
Of course, everyone knows that ATMs have no communications links of any kind. It's just a box full of money with a power plug, right?
Duh! The ATM communicates with the bank, with the ATM user, *and* with the maintenance staff.
* The bank connection is some sort of comm line. Put encryption on it and maybe it's safe. But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?
* The customer sticks a card in and punches buttons. This is reasonably safe now, when you have little more than a numeric keypad with "Cancel" and "Enter" buttons. But the more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
* Finally, the maintenance staff has "root-like" physical access to the system. Sure, you have to get past some heavy-duty locks to get to the control panel inside the machine. Big deal, lots of crooks know how to pick locks... how many, though, know OS/2? But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades), and dispense free, untraceable cash whenever someone inserts an ATM card with magic cardno "1111-2222-3333-4444".
Perhaps using OS/2 was a way of de facto "security by obscurity". Installing Windows is more like "security by crossing-your-fingers".
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
We have them in the UK already - the sight of ATMs showing an NT4 logon screen is not uncommon...
You must not reboot to receive your cash.
134340: I am not a number. I am a free planet!
Um.... a good number of ATM's issued by a large bank I used to code for run NT 4.0. This isn't late breaking news.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
... Debt.
Windows on an ATM - already happening. Already getting errors.
i think this is less of a concern than it is made out to be. an ATM OS can be tested very rigorously much more easily than an entire OS (especially a bloated one). so i am not afraid of windows ATMs, security-wise. what i AM afraid of is how this lays another layer of brick that reinforces that MS monopoly - i hope some enterprising individuals offer a cheaper, features-competitive open-source system.
smd4985
"They have tried to cut out the unnecessary rubbish that clutters up the typical PC."
but.. but.. the article says they're running Windows.. now I'm confused.
Trolling is a art,
If I get cash from an Microsoft ATM, do I have to put it in a Microsoft Wallet?
Two wrongs don't make a right, but three lefts do.
I Hate That!!!!
I'm sib888, and I approved this comment.
With the amount of local banks in my local area that are using unsecured (non-WEP) protected wireless access points on their local LAN, I wonder how long it will take for a RDC that tells the ATM to spit out money?
There are security updates that take months for companies to patch on their local servers & workstations... how will a known security vulnerability be fixed on a "stripped" version of 2K or NT in an ATM, and how long do you think it will take them to implement these updates, if they can update them at all?
I'm not sure of actual numbers, but I recall that IBM is heavily invested in Diebold, a major ATM manufacturer. I also recall that a large percentage of ATM machines run OS/2.
If this is true, I would expect IBM to be pushing a linux-based solution.
But then again, who knows what the banks want to buy? I just got a letter last week from my bank informing me that "for my security" they will be requiring online banking customers to use 128 bit encryption. Ack! 1998 called, they want their security back!
A lot of truth to that... but that's generally because of a bad software developer.
As a long time Windows developer, I would have to say that, for a great many painfully obvious reasons, Linux would be a better choice for this. It's cheaper, more reliable in that a developer can see the source code, and see what it's trying to accomplish, has nice GUI's, and many development platforms to choose from.
Even though the article says they would run on a stripped down version of Windows, Linux takes up a much smaller footprint and runs faster, so older/cheaper hardware could be used without any concern.
With large banks trying to cut costs/increase earnings (anyone tried to cash a payroll check at a large bank recently? "that'll cost you $5, sir") I find it hard to believe that they would choose the more expensive OS to run their software.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
Take your pick:
http://zem.squidly.org/bsod/
http://www.piemaster.co.uk/gallery/BSOD
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
As someone who has used and stood in line to use one of these machines, let me just say that they are a far cry from the efficiency of the current ATMs. Just on a rough estimate, it takes 3-4 times longer for your average Joe Sixpack to make a transaction.
From my own experience, and knowing what I'm doing, the OS runs a good bit slower than the tried and true green on black systems. Top that off with the annoying pointy finger and IE "click" noises, and you have an example of change for change's sake.
Of course, the only reason at all they seem to be using this new system is so they can bombard you with advertising while you're using the machine.
All and all, a bad change all around.
Looks like it's time to pull all the cash out of the banks and go back to the Bank of Between The Mattresses. Last thing we need is a stupid windows worm to have a huge impact on the finances of the United States (or any other countries that use this scheme).
Oh, and out of spite, i'll figure out a way to make my bed run FreeBSD* or something.
[*]"BSD" always makes me think of something like Bondage/Sado-Domination or something.
do() || do_not();
This is nothing new, certain banks have had NT running as for atms for a while now. Hell, the subway card dispensing machines in NYC run NT as well as the entire line of NJ Transit ticket-dispensing machines. So don't go off making silly comments of doom and destruction since guess what, they're already here and have been for a while! This is not to say that things cannot go wrong (I see the above mentioned machines being serviced fairly often and they do get errors), but let's not get too dramatic.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
I understand the standard windows=bad theme for slashdot postings, but think about it for a minute. It's in a box that's locked up tight, many with cameras around, not connected directly to the internet... so really... is there any significant security issue to worry about any more so than with the other ATMs around?
Man, you guys are like Pavlov's dogs. Taco rings the Microsoft story bell and out comes the rhetoric-spouting zealots. Sure, your points are valid security concerns. But they sure as hell aren't specific to Windows. Time for rebuttals...
Point 1 - Comm line: But what happens when it turns out they've used some Win-standard encryption .dll that gets hacked?
Ah yes, God knows non-Windows communications software never has exploits (it's a link to the SSH exploit story).
Point 2 - UI: The more Windoze crap they add -- they're talking about "lottery tickets and soft drinks" -- the more robust the UI will have to be. Are you sure you checked that buffer overflow?
Uh, this is specific to Windows how? Microsoft isn't going to be writing the interface, the ATM companies are. And they'd be writing the EXACT same interface on whatever platform you want them to use.
Point 3 - Physical Access: But what happens when trojan-friendly Windows is the OS? Pick the lock, load the software (because there *will* be a floppy, CD-ROM, or USB port for upgrades)
Guess what - the best hackers out there are more familiar with non-Windows OSes than they are with Windows. TiVo runs Linux and it's had the shit hacked out of it. ReplayTV, while still hackable, hasn't had nearly the level of "unofficial" customization. It's a lot easier to muck around with software if you have the source to it.
Now, I'm not saying that Windows is more secure than other OSes. That thought is absurd. My point is that in a very tightly controlled environment, it can be just as secure as the next OS. My other point is that you guys are fucking insane with anti-MS zealotry. Why don't you try looking at the world without that chip on your shoulder.
I work with a lot of embedded controls systems and the use of Windows with these systems (for Human Machine Interface, data gathering, etc) is increasingly common. The security concerns related to viruses and worms are also more common.
Back when more of these systems used Unix, VMS, etc, it was not a big concern. The environment was so heterogeneous that you didn't need to worry. Now that everyone is running Windows, it becomes a huge problem.
I've been helping several of my customers lock things down and better isolate their control systems. There are plenty of ways to do this effectively but it only takes one careless tech to screw the whole thing up. While I'm confident that I can develop the infrastructure and procedures to protect the systems, I'm not confident that the procedures will be adhered to.
This has become such a large concern that many of them are reevaluating their purchasing decisions and considering turning away from Windows. The problem is that nearly all of the vendors are now producing Windows only solutions.
I would like to say that there would likely be similar problems if everyone was running Linux. While you can lock things down when you start to put the systems into the hands of less sophisticated users you will have the same problems. I see this as more of a user problem than a technology problem. The reason that these worms and viruses spread so fast is that users are not taking the precautions that they should.
Anecdotal support for this argument can be found at any large LAN party. There are always a number of bozos running Red Hat infected with all kinds of crap because they have no idea what they are doing.
You can give two guys the best woodworking equipment in the world and the best wood. One will produce an heirloom and the other will be in the emergency room getting his fingers sewn back on. There are more of the latter than the former in this world.
Guys... you have to realize these ATMs (unix, windows, other) are NOT on the public internet. They're not even on the same network as the workstation computers inside the bank. They may not even be using the same protocols, but I don't know about that.
The fact that they run Windows doesn't honestly mean much to me, because if the security experts in those banks are stupid enough to connect an ATM (or any number of other important machines internally) to any sort of public network... they're gonna get fucked at one point or another.
How often do you think a UNIX ATM's kernel/packages gets patched to fix that latest overflow discovered? Probably never.
no comment
Yeah, they have built in failsafes to keep this from happening. Just like the power companies have built in failsafes to keep a massive blackout from occurring.
I'll start working on modifying my ATM card's magnetic strip to overflow the ATMs card reader.
I think you were being funny but I actually develop ATM software and some of the code I have inherited from the previous idiots would have been susceptible to exactly that. It wouldn't get you any money unless you knew the internal protocols for dealing with the cash dispenser in addition to knowing how to exploit a buffer overflow (in which case you would likely know 10 other/better/easier ways to rip it off) but that is almost certainly a hole in more than a few machines out there.
The latter scheme seemed dubious; the chain-letter like WARNING on the machine, and the insertion sensors on card slots I can't see allowing something jammed that far into them. Plus this was at a gas station deep in suburbia where hanging around the ATM would be suspicious, and where the ATM was in a corner making its use a complete screen of the keyboard.
This scam is called the Lebanese loop, and involves installing a thin bit of wire into the card slot, which jams the card in there. This of course stops the ATM from actually doing anything, but a kind gentleman behind you suggests that maybe you should input your PIN a second time. While he is shoulder surfing. This of course doesn't work, and the ATM refuses to give your card back, mainly because it actually can't :)
Then you give up, wander into the bank to complain, and he has extracted your card (easy if you know how with these things) and run off to another ATM in the locality to quickly drain your account of everything he can get.
This scam has been run a number of times in my town, and people keep getting caught out, even tho there are now massive warnings on the ATMs.
It comes down to (1) liability, (2) how well it works, and distantly (3) price. In that order. Most large resellers who would be installing these systems don't use Linux, so they would never pitch it to the banks. Why? Because in the corporate world, everyone knows Windows works and everyone is happy with it. It's a no-brainer to use. What's linux? Who cares? They use Windows every day. When it breaks, they call someone who fixes it. They would view it as "taking a chance" on Linux, and they're not paid to take chances. Upgrading ATMs is probably a deal that takes 3-5 years from the initial start, and that's too much to risk on an OS that they've never heard of.
As someone who has done troubleshooting for these type of systems, I'll tell you flat out, they don't care about security the same way you or I do. What they care about is whether they have someone to blame when it breaks. Sad but true.
/syle
So, are you posting from that ATM right now?
In many European countries ATMs have a secure cryptographic device attached, which stores all cryptographic keys used to encrypt data between the ATM and the ATM server. All cryptographic computations are made in that device and it is designed to "erase its memory" if someone tries to pull it out or do something weird.
Normally, the PIN you type is directly transferred (encrypted) to the secure device and does not go through the PC memory. So your PIN is pretty safe from any virus or trojan horse.
These requirements are imposed by VISA/Mastercard, because they take PIN security very seriously.
The remaining risk comes from an insider who would put a trojan horse in the ATM such that it would dispense cash automatically for example if you type a certain key combination
This does not endanger your PIN though or any transaction. It's basically a problem for the bank
This is a rather complex attack, even if you have Windows, OS/2 or linux on the ATM (Windows might just make it easier). The hard part is getting into the system (these machines don't run any standard services and there are access control policies). There are easier and less dangerous ways to get money from the credit/debit card systems than hacking into an ATM in a protected environment.
One of the reasons they use windows is because it's the cheapest alternative (YES! Shock! :-) ). The specific drivers exist and also the engineering skills. Moreover banks are very conservative, some still have DOS or OS/2 ATM's so they stick to stuff they know (usually not your favorite free OS).
I've had a picture of this ATM for the past 5 years on my website :)
<grub> Reading
I have had the recent pleasure of watching the V-Com ATM machines being installed in our local convenience stores. They are PC's controlling the system, using Internet connections over TCP/IP to communicate, running Windows NT Workstation 4.0 SP6a. They have a custom keyboard missing the CTRL, ALT, and other state keys, and a touch screen interface to boot. And they can be crashed so easily it goes beyond funny to just plain sad.
The tech doing updates opens the bay, plugs in a regular keyboard, logs on to an e-mail account, and runs the patches distributed that way.
Not something I really would trust with my money!
You can have it fast, accurate, or pretty. Pick any 2.
Device Estonian folks used was actually quite sophisticated. I saw short clip of it on YLE News on TV back then. From later news transmission that part where electronics and construction of device were shown was removed and on the one time they showed it some police came and moved device away from cameras. Guess cops said you're not allowed to show that on TV.
These are facts:
Device had card reader. It was placed on front of real card slot so when you inserted card magnetic stripe was read.
People whose cards got copied said it was difficult to get card out from ATM machine. This was because after transaction ejected card was partially blocked by extra reader device those guys installed.
Keypad had kinda sticks on bottom so when you pushed number on spying keyboard it pushed real button under it at the same time. Electronics connected to fake keyboard recorded your PIN and saved it to NVRAM among content of magnetic stripe it just read as well.
Card reader was connected to keypad module that had most of electronics using cable. Cable was covered with square plastic housing to keep it less obvious what was going on.
Since you got your money from ATM no-one suspected anything fishy until day or two later when your bank account was empty.
Crooks were waiting on nearby car. After some time they went to ATM and removed their device.
Ok, those were facts. There were some claims that device had also WLAN or some other wireless connectivity so card numbers and PIN codes would have been transferred to crooks realtime. However I think that's just rumour.
Device had factory made looking PCB inside. Probably some SBC development thingy.
If there's someone with Helsingin Sanomat archive access you could probably find more details from there. HS is Finnish newspaper so that part was for Finnish readers.
The people that make decisions are worried most about how much it's going to cost.
And you don't think it's conceivable that someone will decide that the cost of losing billions upon billions of dollars when the Windows+TCP/IP+internet connection machines are hacked isn't worth it?
They may not be very security-savvy, but they won't do a massive rollout that will leave them with a nationwide network of completely broken ATMs that divulge money at the drop of a hat. Insider addition of malicious code, while a pain, doesn't even begin to compare cost-wise with complete public access to machines with internet-enabled, free-for-download, no-knowledge-required exploits.
You can catch and arrest a malicious insider if the losses start adding up. You can't just arrest the entire US.
A little over a year ago, I went into my bank to get $20 for lunch or something. I put my card in, typed my pin number, selected which account to get money from, and the amount.
Then all of a sudden, the screen went blue. I stared in disbelief for a moment, then a boot sequence began to display on the screen. And what did I see on the bottom of the screen, but the Microsoft trademark. I couldn't believe it. I had been bluescreened at the bank. I had to get the bank to credit the money back to my account and to get my card back (which I couldn't get back for a couple of days). So I guess you could say that I am less than thrilled about Windows running ATM's.
IANAL... But I play one on