Slashdot Mirror


ATMs Susceptible to Windows Viruses

Kernkraft400 writes "First there was Windows for Warships, now the same operating system used to power millions of home PCs is likely to be used for cash machines in the UK. I can't wait for the next Windows virus or worm to take down all the cash machines."

9 of 403 comments (clear)

  1. (Very) old news by Space+cowboy · · Score: 5, Insightful


    Windows has been used on (at least) Natwest ATM's for a loooong time - several years at least. I've been in several situations where an ATM is displaying a Blue Screen Of Death. Interestingly enough, they show a trend for solidarity in these matters, when one of set is down, they're all down... Presumably the weakness is in the network layer, or some component that is attached to it.

    Not that this means too much (apart from the annoyance factor) though, I've never lost any money due to an ATM crash - I'm pretty sure the system is designed so that the central machine does all the secure stuff, with the ATM being not much more than a calculator keypad.

    Simon

    --
    Physicists get Hadrons!
  2. Already happened... by Samir+Gupta · · Score: 5, Insightful
    --
    -- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
  3. WTF? Where is the article? by jdreed1024 · · Score: 5, Insightful
    Perhaps I missed something, where is the article that says ATMs are susceptible to Windows Viruses? All I see is a pointer to an article on battleships, and someone's speculation.

    Now, ATMs running Windows could very well be susceptible to viruses, but something backing that up would be nice.

    --
    There is no sig, there is only Zuul.
  4. Misleading Title by jerw134 · · Score: 4, Insightful

    The title of this story is extremely misleading. It's stating something like it's a fact, although it's not even close. It's actually more of a question. But this is Slashdot, so I shouldn't expect too much.

  5. What Virus? by Launch · · Score: 4, Insightful

    The title of this post says that Windows for ATMs are "Susceptible to Windows Viruses" but as far as I can tell this is just speculation... Is there actually any proof out there that these machines would be any more (or less?) susceptible to viruses? I'm suprised this made it through, no substance and just a lot of name calling at MS.

    --
    Your mammas flamebait.
  6. Re:It's bound to happen by red+floyd · · Score: 5, Insightful

    Actually, 3.51 had a reputation for being relatively bulletproof.

    Remember, they hadn't moved everything into the kernel yet. Even GDI and video drivers were userland. And, of course, they hadn't yet "integrated" Insecure Exploder into the system either, I don't even think IE existed then (NT4 shipped with IE2).

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
  7. Remote exploits, not viruses by Surur · · Score: 5, Insightful

    Lets be clear here, its not viruses we worry about. Nobody is going to run Kazaa on their local ATM. Its all about possible remote exploits.

    No OS is completely bug free and secure for ever. If the network the ATM's connect to is safe, the box should be safe. If they connect to the internet, I'm moving my money to another bank, no matter what OS they run!

    Surur

    --
    Information is the location of things. Computation is moving things around.
  8. Critical Software Choices by thpr · · Score: 4, Insightful
    Time to market. Cost. Even other concerns. There are many different decision drivers.

    In order to (1) catch up with a competitor or perhaps (2) get an "easier" development environment [easier being defined as one where the programmers are commodity and the system doesn't require buidling graphical components from scratch], 'easy' choices are made.

    In the end, the bank isn't doing the development, but purchasing a final product... there are tons of variables to an ATM beyond the underlying OS; and honestly, not all that many large vendors to choose from (and a large bank will almost never choose a small vendor, over concerns for longevity and support). Microsoft has made a major push for Windows in many places and makes it as easy as possible for people in different markets to use their OS. It is really the responsibility of the purchasing organization (in the case of an ATM, the bank or credit union) to choose a good solution. But it's a painful balancing act.

    By the way, if you really want to be disturbed by how liability for bad software isn't an issue, think about this: the US Federal Aviation Administration requires that every component put into an aircraft must not fail during the life of the aircraft. The next sentence then exempts software from this limitation.

  9. ATMs and modern OSes by davidwr · · Score: 4, Insightful

    An ATM need not be much fancier than a gas pump.

    It needs:
    A card reader.
    A cash dispenser.
    A video display.
    A keyboard input.
    A communications channel to HQ.
    A printer.

    Most run "semi-locally" rather than as completely-dumb terminals.
    Most have an "administrator mode" and keep additional local state. For example, they know how much of what kinds of bills they have left.

    Most have security cameras, but these need not be "logically" part of the ATM, they can be standalone devices.

    Banks have used full-featured ATMs for years. In the early-mid 1990s, OS/2 was the major player. These days it's MS-Windows. 10 years from now, it will probably be something else.

    The key security issues with ATMs are:
    1) physical security and local encryption of sensitive data in case physical security is compromised, e.g. someone steals the whole ATM.
    2) network security - all communications are encrypted
    3) isolated network - no direct access to or from the Internet
    4) audit trail, e.g. local encrypted recording of all transactions, preferably to write-once media.

    I'm sure I left out some things. Please feel free to add.

    So, anyone know of any in-use Linux-based ATMs? Even better, anyone know of any totally-Free-and-open-source-software ATMs?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.