Slashdot Mirror
ATMs Susceptible to Windows Viruses
Kernkraft400 writes "First there was Windows for Warships, now the same operating system used to power millions of home PCs is likely to be used for cash machines in the UK. I can't wait for the next Windows virus or worm to take down all the cash machines."
Like the actual story: ATMs in peril from computer worms? The Register seems to believe it's partly a scare tactic to sell antivirus software, though.
Windows has been used on (at least) Natwest ATM's for a loooong time - several years at least. I've been in several situations where an ATM is displaying a Blue Screen Of Death. Interestingly enough, they show a trend for solidarity in these matters, when one of set is down, they're all down... Presumably the weakness is in the network layer, or some component that is attached to it.
Not that this means too much (apart from the annoyance factor) though, I've never lost any money due to an ATM crash - I'm pretty sure the system is designed so that the central machine does all the secure stuff, with the ATM being not much more than a calculator keypad.
Simon
Physicists get Hadrons!
The Slammer worm caused significant outages in Bank of America's ATMs.
-- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
Now, ATMs running Windows could very well be susceptible to viruses, but something backing that up would be nice.
There is no sig, there is only Zuul.
Actually, 3.51 had a reputation for being relatively bulletproof.
Remember, they hadn't moved everything into the kernel yet. Even GDI and video drivers were userland. And, of course, they hadn't yet "integrated" Insecure Exploder into the system either, I don't even think IE existed then (NT4 shipped with IE2).
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
Lets be clear here, its not viruses we worry about. Nobody is going to run Kazaa on their local ATM. Its all about possible remote exploits.
No OS is completely bug free and secure for ever. If the network the ATM's connect to is safe, the box should be safe. If they connect to the internet, I'm moving my money to another bank, no matter what OS they run!
Surur
Information is the location of things. Computation is moving things around.
This did already happen, two years ago I believe, to Diebold ATMs. When it did, I called Wells Fargo (my bank) and asked them what brand of ATMs they use. I got the old, "Why would you want to know that?" question edged with a fair amount of suspicion. I explained that I didn't want an ATM that I used often to be compromised by a virus. I was forwarded to the manager. He ended up giving me a runaround about how Wells Fargo guarantees all transactions on their ATMs and any fraudulent use is refunded. No straight answer on whether they used Diebold ATMs with Windows.
Of course, I went to a few of the ATMs I used and checked them out. All Diebolds. I'm not sure if they were running Windows, but I can assume so. Why would the bank give me such a hard time about who supplied their ATMs? Obviously it wasn't that difficult to just go and find out. It makes me a bit weary that they're trying to implement security through secrecy (let alone secrecy that's not that secret). Plus, being a customer I feel like I have the right to know how my money is handled and what possibilities there are for it being stolen.
Per Square Mile, a blog about density
The reason you're seeing banks deploy new ATM's at a rapid clips this year is because IBM is dropping support for "vintage" OS/2 releases.
Not for OS/2 Warp 4 (That's supported through 2006 at least), but for the earlier releases (3, 2.x, 1.x)...
I believe that most ATM's were based on either OS/2 1.3 or 2.0.
Why we're replacing them with something that is vulnerable to the virus-of-the-week, who knows?
When was the last time you saw an OS/2 virus?
When I was in Europe this summer, I crashed several ATMs (usually of the same branch) just by inserting my card, and guess what they all run some version of windows, it looked like 95/98/2000.
Aparently they dont like the way my card is encoded.
It was very annoying trying to find a bank where I could withdraw money from. At one point we we're joking around to see how many ATMs we could crash in one day.
Actually, I had a recent experience where I think somebody did something like that. I used a Bank Of America ATM at a gas station - it was one of those free-standing boxes that they just put anywhere on the store, as long as it is close to power and a DSL jack. Anyway, I withdrew $20 and left. The next day, I noticed that my account had been drained of funds. I called the bank, and they said that I had withdrawn all the money at that ATM. I had them pull the transactions, and apparently, somebody immediately after me had done mulitple pulls on my account until they got everything. (Only like $120, as it turns out, since I just use that account for petty cash). Anyway, the machine is one of the swiper kinds - it does not keep the card until you are finished, you just swipe it. Since I used a "Fast Cash" option, it should only allow that one transaction, then "log out" my account. If another transaction is attempted, it requires another swipe of my card. Obviously, it did not - either someone hacked the ATM - certainly possible if behind the crappy little cabinet with its crappy little lock the ATM monitor rests on there is a box with a mouse and a keyboard - or there was some kind of software error. I was suspicious of the former since there was a guy hanging around the area of the ATM. BofA refunded my loss and is investigating.