Machines running outdated operating systems, unbacked by corporate security updates, are the easiest types of computers to hack. And most ATMs run Windows XP.
Microsoft is expecting hackers to go to work on machines running XP as soon as the April 8 deadline passes: "The probability of attackers using security updates for Windows 7, Windows 8, Windows Vista to attack Windows XP is about 100 per cent," Timothy Rains, Microsoft's director of trustworthy computing, said recently.
Windows XP was originally launched in 2001 and is widely regarded as the best version of Windows ever. Just under 40% of PC users still run Windows XP on their desktops. Microsoft is trying to force all those users to upgrade to newer, more secure versions of Windows. The company originally tried to migrate everyone off XP back in 2007, but people liked it so much many refused to upgrade. So Microsoft begrudgingly kept up support for XP for seven more years.
Now, Microsoft is finally pulling the plug, and bank ATMs still running XP are about to become Target No.1 for hackers.
The world of bank ATMs moves even more slowly than personal computer users. NCR estimates that up to 95% of ATMs run XP, and that only a third of them will have been converted to new systems by April 8.
Many banks are paying Microsoft to extend support for XP on cash machines while they make the switch to Windows 7, according to Reuters.
Part of the problem is the very ubiquity of ATMs. Because cash machines are everywhere, operated by dozens of major banks and dozens more small companies that provide standalone machines to delis and corner stores, it's difficult to get everyone on board with the new system all at once, Bloomberg says:
The many offshoots of the country's jumbled ATM network, ranging from convenience stores that operate a single antiquated cash machine to national banks that oversee tens of thousands of terminals, are feeling the deadline in different ways, says Suzanne Cluckey, the editor of ATM Marketplace, a news site that serves the industry. More advanced ATM fleets can do the update over their networks. Older ATMs must be upgraded one by one or even replaced entirely if they don't have enough computing power to run the newer, more demanding software. "My bank operates an ATM that looks like it must be 20 years old, and there's no way that it can support Windows 7," says Cluckey. "A lot of ATMs will have to either have their components upgraded or be discarded altogether and sold into the aftermarket-or just junked."
Aravinda Korala, CEO of ATM software provider KAL, believes only 15 percent of ATMs in the U.S. will be upgraded by April 8, he told Bloomberg:
"The ATM world is not really ready, and that's not unusual," he says. "ATMs move more slowly than PCs."