March 18, 2014

End of Windows XP support puts ATMs at risk - @WindowsXP - @Microsoft

In less than a month, most of the world’s ATMs and a large portion of its computer-based industrial control systems will become a lot more vulnerable to hackers and viruses. provide ID, they turned around. PHOTO: REUTERS/Mario Anzuoni/files
On April 8, Microsoft will stop issuing updates and patches for bugs in its Windows XP operating system, which was released in 2001 but remains widely used, as companies put off the costly and complex task of system upgrades.

That delaying will make it easier for hackers to break into the main systems still running XP, security experts say, in part because Microsoft will continue issuing updates for the three newer versions of Windows. Those updates can be reverse engineered to find weaknesses in XP.

“The probability of attackers using security updates for Windows 7, Windows 8, Windows Vista to attack Windows XP is about 100 per cent,” Timothy Rains, Microsoft’s director of trustworthy computing, told a recent computer security conference in San Francisco.

The potential security problems that will follow the end of Windows XP support could be greater than when Microsoft ended support for even older systems, Windows 95 and 98. The number of computers worldwide has grown, particularly in poorer nations, security experts point out. The system has also been around far longer than its predecessors, more than 13 years compared with less than a decade for Windows 98 and Windows 95.

“As more and more people connect, the potential targets and range of systems that can be exploited grows,” said Brian Honan, a Dublin-based computer security consultant.

About 40 per cent of personal computers still use Windows XP, according to data from research group Netmarketshare. Beyond PCs, Windows XP also powers ATMs, medical devices, industrial control systems and some of the hardware used for swiping credits cards, said Jaime Blasco, malware researcher at AlienVault.

More than 95 per cent of ATMs also run the operating system, according to NCR, the largest provider of ATMs globally. It expects only a third of ATM providers will upgrade before Microsoft’s April 8 cut-off.

The challenge, said Mr Blasco, is that many companies have built their own software that is only compatible with XP. Rebuilding that is expensive and ironing bugs out of the new version would take time.

#ATM #WindowsXP #Microsoft

1 comment:

Oona Houlihan said...

When the Y2K (date) chaos was set to strike, companies knew about it at least thirty years earlier. And little happened until five years before the dead line in many cases. Again, the ATM industry knew since several years what was coming. And Microsoft had already extended its original Windows XP maintenance window. The banks seem to have waited even until AFTER the deadline from what you report. This is a strange way of dealing with potential malfunctions that literally open the bank vaults to intruders who are likely not to get caught if successful.