Is the End of Windows XP Support Putting ATMs at Risk?

The impending deadline of the discontinuation of Windows XP support by Microsoft (April 8, 2014) is fast approaching. Quick Heal has proactively warned retail users and enterprise users about the risks involved, but it is now time to understand a very different kind of threat associated with this approaching date.

atm-windows-xp-650x0

Banking operations, especially ATM services, are likely to be affected beyond the EOL (End of Lifetime) date of Windows XP as a majority of the ATMs in India, and the world, still operate on Windows XP. ATM kiosks are powered by mini-computers and these computers require a stable operating system. Hence, Windows XP has been the popular choice for over a decade now.

However, with Microsoft cutting off support for XP, is this going to adversely impact ATMs in India and open them to hackers, malware and other security risks?

ATMs in India – Numbers & Facts at a Glance

While the exact figures for the percentage of ATMs in India that run on XP is not documented, the total number of ATMs in the country has steadily grown. So it would be fair to assume that a majority of these machines would be rendered vulnerable due to support being cut off for XP by Microsoft.

  • As per Reserve Bank of India (RBI) stats for November 2013, the number of operational ATMs in India are as follows:

Type

On-Site ATMs

Off-Site ATMs

Total ATMs

Public Sector Banks

52,311

36,777

89,088

Private Sector Banks

16,598

30,164

46,762

Foreign Banks

270

960

1,230

Grand Total

69,179

67,901

137,080

Link for checking these numbers – https://www.rbi.org.in/scripts/ATMView.aspx

  • The National Payments Corporation of India (NPCI) is an umbrella organization that overlooks retail payments by the RBI and other banks in India. The NPCI also operates the National Financial Switch which is used for inter-connectivity between the ATMs of different banks. As per the NPCI, the total number of ATMs in India as of February 2014 was 155,387.
  • As per the ATM Industry Association (ATMIA), only 38% of the 425,000 ATMs in the United States would have migrated from Windows XP beyond the EOL date. This would leave more than 250,000 ATMs in the US still at risk.
  • ATMs in India are provided by several third-party vendors like NCR, Diebold, Wincor Nixdorf and Vortex.

atm growth india 2005 - 2015

Are the Security Risks Being Exaggerated?

While the dangers of using XP beyond April 8, 2014 are now known, there is a possibility that the security threats against ATMs have been misrepresented and exaggerated. After all, most attacks on ATMs in the past have been physical attacks at the hardware level and not at the software level. However, it is also plausible that this may change after the deadline as ATMs running XP will become more vulnerable.

1T0R2167_610x407

Nonetheless, ATMs are usually too isolated and protected to launch a software attack against. If an attacker can hack into a bank’s system and launch a malicious code in all its ATMs, then the bank has more worrying concerns than upgrading XP on its ATMs.

Some notable points for why these threats may be exaggerated are as follows:

  • Though ATMs run on x86 processors and basic PC architecture, they are very different from standard PCs. They run on an embedded version of XP which vastly differs from the regular version of XP that is found in the market. So the security risks that regular users are exposed to, do not exist in this case.
  • ATMs do not connect to the Internet and pull updates as PCs do.
  • ATMs are also generally protected by heavy Firewalls and antimalware programs. Therefore, infiltrating them is not as easy as PCs.
  • It is also safe to assume that banks and financial institutions possess the awareness and technical expertise to safeguard ATMs against the security threats of running XP on them.

What Could be Stopping Banks from Upgrading?

So while the result of running XP on ATMs is not going to be as devastating as reported by many, upgrading it is still a recommended precaution. There are more stable and secure options available in the market so it would be reckless for banks to stick with systems that have been around for decades but are now obsolete.

RuPayRoadmap

However, here are some factors that may be stopping banks from initiating a migration plan:

  • Since the ATMs that run XP would have been around for many years, they would also need a hardware upgrade while upgrading the software. This would be both expensive and time consuming.
  • Another reason why some banks may be refraining from upgrading their ATMs is the Europay MasterCard Visa (EMV) enforcement that will most likely become mandatory in the next few years. EMV enforcement (known as RuPay in India) requires all debit/credit cards to have an integrated circuit card, or a chip, to avoid card fraud. This enforcement will require most old ATMs to be upgraded anyway. So it may make sense for ATM manufacturers to hold on and solve both these issues together. Read more about EMV here.

While the threat of using Windows XP beyond the EOL date exists for home users and enterprise users, it is perhaps unwise to assume that all the ATMs of the world would also be susceptible to the same risks.

There are several news stories that are doing the rounds about this and they are creating a false sense of panic about the repercussions. We would like to pitch in with our own two bits here and proclaim that ATMs are not going to be afflicted by the removal of XP support by Microsoft to the extent that it is being reported.

Rahul Thadani

Rahul Thadani

Follow @

Subscribe
Notify of
guest
65 Comments
Inline Feedbacks
View all comments
Harish Bharati
Harish Bharati
6 years ago

Thanks for your valued information………..:-)

Mohammed
Mohammed
6 years ago

Thanks for your importanct information

keerthi sree
keerthi sree
6 years ago

Thanks for your valuable information and it is very helpful to public 🙂

Laxmi Narain Chawla
Laxmi Narain Chawla
6 years ago

I am lucky having Quick Heal security on my system as this not only saves my computer from the external attacks but I also receive such valuable information time to time.

NIHAR RANJAN PATI
NIHAR RANJAN PATI
6 years ago

IF IT IS FACT, THEN IT IS A MATTER OF CONCERN & THEN THERE MUST BE SOME REMEDY FOR IT & TIME IS PASSING AWAY.SO……

SUSHIL TIWARI
SUSHIL TIWARI
6 years ago

Thanks for the information…. than what to do??// Any solution for this…..

Sumalata
Sumalata
6 years ago

sad to say end of Xp,but new information i got thank u……

Sumalata
Sumalata
6 years ago

Thanks for valued information

manoj patel
manoj patel
6 years ago

my antivirous has not update please give me idea

Rajiv Singha
6 years ago
Reply to  manoj patel

Hi Manoj,

There could be several reasons behind this. Kindly contact our support team at 0-927-22-33-000.
You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.

Regards,

prabhakarMachiwal
prabhakarMachiwal
6 years ago

This is a very important and valuable information for all.

NIKHIL
NIKHIL
6 years ago

thank you for sharing the important information, Quick Heal flashed a message on my HP laptop screen which forwarded me to this link….

you are doing a tremendous job quickheal….

Sambhu
Sambhu
6 years ago

it’s vary nice software ,it use u can save u r mobile….

BHAT ARSHID
BHAT ARSHID
6 years ago

important and valuable information thanking for you

srinivas
srinivas
6 years ago

gud and useful information. tahnks. should be sharing with others.

vrushabh
vrushabh
6 years ago

This is a very important and valuable information for all……

Manoj Kumar
Manoj Kumar
6 years ago

This onecis a very important information. Thnxx a lot for this type of information.

swapnil
swapnil
6 years ago

Worthy and valuable information..
Thanks a lot…

ranjan
ranjan
6 years ago

sad to hear about xp. useful info. thanks

Srikanta
Srikanta
6 years ago

Thank u for ur valuable information..

mamta
mamta
6 years ago

give the list of banks those who update their software

Sanmati
Sanmati
6 years ago

Valuable information

anjan
anjan
6 years ago

thanks for this information

Rajeev Trivedi
Rajeev Trivedi
6 years ago

If some one clones the debit card and injects VIRUS in ATM, would than be Microsoft supporting after 8-1-2014?

Ansumay Datta
Ansumay Datta
6 years ago

Thanks a lot to Quick Heal not only for their preventive measures against antivirus,spyware etc.but also for information on valuable current topics.

Anand
Anand
6 years ago

It’s nice to have such an antivirus, which have protected my system for last seven and half years, thank you u guys are doing a great job, only one thing i like to add which is that soon after this news i upgraded my system to win 7 with xp in dual boot but sadly our antivirus does not allow single copy to run on dual boot system as now i have to purchase one more copy for win 7 too, though its one system but with two os. anyways thanks and keep up the work.

Navnath Rode
Navnath Rode
6 years ago

hanks for your importanct information

Praful
Praful
6 years ago

Very useful information. Thanks.

INDRAPAL
INDRAPAL
6 years ago

verry interesting

INDRAPAL
INDRAPAL
6 years ago

meney more risk to avoids

INDRAPAL
INDRAPAL
6 years ago
Reply to  INDRAPAL

tks.a lot & best regds………

Sharad Phadke
Sharad Phadke
6 years ago

What is “Onsite” and “Offsite” and how they are affected.
If onsite is in Bank itself there is less danger of tempering ATM Booth.

TAPAS CHANDRA
TAPAS CHANDRA
6 years ago

very interesting & also useful information. Thanks.

Rev Dr Rahul Uthwal
Rev Dr Rahul Uthwal
6 years ago

Thanks for this information.

K. R. Jangid
K. R. Jangid
6 years ago

This write up has removed much of confusion spread among ATM users by various sources. Thanks a lot.

C.Radhakrishnan
C.Radhakrishnan
6 years ago

Very useful information. Thanks.

G C Panda
G C Panda
6 years ago

Thank you for very useful information.

J P Pawar
J P Pawar
6 years ago

Dear Sir,

Before using ATM Machine,how to know it updated for window-7,8 how to know,secondly some safety precautions may pblish for ATM CARD user.

J P Pawar
J P Pawar
6 years ago

Thanks for alert relate to Window XP.

Arvind Kumar
Arvind Kumar
6 years ago

Thanks for very usefull informations.

Arvind Kumar
Arvind Kumar
6 years ago

Thanks; I needed this information.

Arvind Kumar
Arvind Kumar
6 years ago

Quick heal is ultimate solution for security.

Anirban Chakraborty
Anirban Chakraborty
6 years ago

Thank You so much Mr. Rahul Thadani for this important discussion. ATMs are the most modernized place to fulfill many banking requirements of people belonging from all classes. Here security is the highest concern for all the stakeholders of an ATM. But apart from this issue, there are some other problems still existing in the modern ATMs, irrespective of any bank. Running on embedded version of windows XP some ATMs hangs frequently. Customer’s account is debiting with no cash dispense is a common problem in many ATMs. People from urban ares can resolve this problem by contacting their respective banks… Read more »

SURINDER VIRDI
SURINDER VIRDI
6 years ago

Few days back I have installed Quick Heal Total security in my computer, but it is opening in the temporary profile only, it does not save any new files.Is it because I have not yet activated the key to avail the 20 days grace period.What should I do to fix this problem.

Parmeshwari P
Parmeshwari P
6 years ago

Its very important and valuable.Panic created in most of the ATM card holders get sigh of relieve.Thanks.

Thiru
Thiru
6 years ago

Thank you Rahul Thadani for the info. i have a query! why do we need to upgrade our anti-virus every third day? why cant you’ll provide updates which will last for at-least a week? its just using my data(which i have to spend my pockets on) everytime i start my PC..

Gapsh Dingsar Rai
Gapsh Dingsar Rai
6 years ago

thanks for important information

Hosen Sagar
Hosen Sagar
6 years ago

Thanks a lots for Such type of information,but how can somebody know about the operating system of a ATM because normally it shows its sbi programme software that asking for inserting card ?

Pranab Pain
Pranab Pain
6 years ago

Thank you for this…

Durvesh
Durvesh
6 years ago

Thank you Quick Heal for information. Actually this is the responsibility of RBI or concerned authority to make people aware of this important fact. Let it be. Thanks.

Bidhan Duttas
Bidhan Duttas
6 years ago

Thanks for the valuable information.

hemant
hemant
6 years ago

Hi, first of all thanks for the information!
And one more thing that I had downloaded quick heal total security before one month.after one month it has started showing me that plz activate using product key or “get free extension”.I am still trying to get free extension but I am unable to get because the message is not getting send.(as we know quick heal give free extension if we recommend it to two people). I did all the things to send message but still I can not…plz help..

Rajiv Singha
6 years ago
Reply to  hemant

Hi Hemant,

Thank you for choosing Quick Heal. We would request you to kindly contact our support team so that they can provide you with an appropriate solution to this issue. You can contact them at at 0-927-22-33-000.

You can also raise a query at https://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.

Regards,

65
0
Would love your thoughts, please comment.x
()
x