Just 14 days remain until Microsoft cuts off support for Windows XP and as we have reported before, the 12 year old operating system is used in 95 percent of all ATMs. Now a new report by software security company Symantec claims that hackers are already finding ways to attack these cash machines via a combination of malware and hardware.
One of those methods is to install a specific malware called Backdoor.Ploutus, which was first discovered in 2013 in Mexico. Hackers used it to get money out of ATMs via an external keyboard. A variant of that software, called Backdoor.Ploutus.B, was later found in early 2014. It has not only been written in the English language but had been modified so that hackers could simply send a SMS command to the infected ATM when another mobile phone connected to it.
Symantec says they were able to replicate this kind of attack in their labs. They claim that protecting older ATMs that still have Windows XP installed from this kind of method will be "more challenging" and offer a number of ways banks can protect their machines, not the least of which is upgrading to Windows 7 or 8. Many banks are already in the middle of their ATM OS upgrade and play to pay Microsoft lots of money to continue to support Windows XP past April 8th until that task is finished.
It is important to note that many ATMs run Windows XP embedded (toolkit and runtime) which will not reach an end of life until January of 2016.
Source: Symantec | Image via Symantec