Despite Microsoft’s warnings that Windows XP is no longer supported with security updates, ATMs everywhere are still using the antiquated operating system. A security researcher has now demonstrated on video how a hacker can drill a hole into an ATM, connect a cable and infect the money-vending machine with malware to dispense cash at will.
Reports of cash machines getting hacked have been abundant in recent years. While banks have taken steps to secure the cash dispensers, most ATMs continue to run the outdated Windows XP operating system, making them highly vulnerable to attacks.
This demonstration by Positive Technologies for BBC Click requires the hacker to take a drill to the machine, pull out a USB cable and physically infect the ATM with malware. Although it’s not the most delicate of hacks, it is practical, according to Leigh-Anne Galloway, a security expert with Positive Technologies.
Asked “what’s inside [the ATM],” Galloway replied, “this is just a normal computer … it’s just a safe with a computer on top.”
Minutes into the video of the hack, the familiar sound of an ATM counting cash could be heard. Seconds later, the machine spits out a £20 bill.
The one-and-a-half minute video is available here.
The malware can be used to collect credit card information, and can spread around an entire network of ATMs, Galloway said.
Until banks can make their ATMs harder to hack, it is recommended that you pull out cash from machines equipped with a camera, or those found in bank branches.
The video demonstration is a first, but the hacking method, unfortunately, isn’t. Reports of hackers emptying ATMs with a drilled hole and $15 worth of gear have been circulating since April.
Windows XP remains one of the most vulnerable operating systems, and surely remains the preferred target of most cybercriminals. Consumers and businesses alike continue to make heavy use of the software, despite AV vendors’ warnings.
At the time of this writing, Windows XP holds approx. 7% of the desktop OS market, making it the third most-used desktop OS, behind Windows 10 (26.8%) and Windows 7 (49.04%).