ATMs face hacking threat as Microsoft halts updates

ATM machines of major banks will face greater hacking threats when Microsoft halts upgrades to its Windows XP operating system (OS) used in the majority of cash points around the world.

Microsoft announced earlier this year that on April 8 it would stop providing updates for Windows XP, the software it introduced in 2001, but many companies still use the outdated OS due to the massive costs associated with system updates.

Upgrades to the Windows XP software are crucial for protecting against the latest cybersecurity threats.

PhotoAlto | PhotoAlto Agency RF Collections | Getty Images


The banks plan to upgrade to a newer operating system in due course, but the lack of updates in the meantime could leave bank details vulnerable to theft, experts warn.

“It is absolutely a concern,” Ernest Hilbert, former FBI agent and head of cyber investigations for EMEA at risk consultancy Kroll, told CNBC in a phone interview.


“The bad guys are going to continue to look for a way into the system but there is going to be nobody on the back end to fix it. And if there is nobody fixing it and the problems are such that they are opening up a hole, then these bad guys can walk right in.”

Microsoft did not respond to CNBC’s request for comment.

‘Cybersecurity dangers’

About 95 percent of ATMs around the world run Windows XP, according to NCR, the largest provider of cash machines globally. The company predicted that only a third will upgrade their systems to a higher version of Windows before Microsoft’s deadline.

The United States Computer Emergency Readiness Team, a part of the Department of Homeland Security, also warned last week that running unsupported software causes an “elevated risk to cybersecurity dangers” and certain organizations under specific regulatory control may “no longer (be) able to satisfy compliance requirements”.


Without Microsoft sending the necessary security updates, people’s bank account details could be at risk, according to Professor Tim Watson, director of the Cybersecurity Center in the department of WMG at the University of Warwick.

“If someone finds a really bad security flaw that means that somebody can do something compromising while you’re typing in your pin code,” Watson told CNBC in a phone interview.

Banks upgrading?

Major banks, however, told CNBC that they have signed deals with Microsoft to extend the support of Windows XP while they upgrade to protect their users.


Spokespeople for the Royal Bank of Scotland Group (RBS) and Lloyds in the U.K. said they have agreed extended support from Microsoft for Windows XP until 2017 and 2016 respectively. RBS said it would upgrade to Windows 7 before 2017, while Lloyds added it will start to roll out the updated OS at the end of the year.

A Barclays spokesperson told CNBC that “no Barclays cash machine will be negatively impacted by this change” and the bank is currently negotiating an extension for Windows XP support. “Barclays is not reliant on on-going XP updates to ensure the integrity of its network,” the spokesperson added.

HSBC said that the bank has agreed to support all Windows XP systems in the company but could not give details about how long that deal was in place. It was updating its ATMs with the view of completing an upgrade in 2015.

—By CNBC’s Arjun Kharpal. Follow him on Twitter @ArjunKharpal
