December 26, 2017

ATMs Running on Windows XP in Russia Hacked by Simply Pressing ‘Shift’ Key Five Times in a Row

Microsoft’s 16-year-old Windows XP is an outdated operating system that is no longer updated and nor it receive security updates. So, all ATMs that are still running on Windows XP are at the risk of getting hacked easily.

atm-windows-xp-hacked.

Recently, an employee of Russian blogging platform ‘Habrahabr’ discovered that the ATMs operated by the state-owned ‘Sberbank’ running Windows XP have inherent security vulnerabilities that can be easily exploited by hackers.

The employee was able to gain access to the user interface of the Windows XP operating system installed on the ATM machines. According to him, the machine allowed access to Windows settings and displayed the taskbar and Start menu of the operating system, by turning on the Sticky Keys when special keys like SHIFT, CTRL, ALT, and WINDOWS were pressed 5 times in a row.

The flaw was discovered when that employee was waiting for a call to be picked; out of boredom, he pressed the SHIFT key on the ATM keyboard 5 times in a row. It popped up a prompt telling about the sticky keys feature of Windows. With this prompt, he was able to gain access to other parts of the OS. Once a user has entered the machine’s restricted parts, we don’t need to underline the Windows XP flaws that can be exploited.

YouTube video

According to the reports, Sberbank had been informed of this vulnerability almost two weeks ago that there was a security breach at its ATM machine. While the bank promised an emergency fix of the issue, the user who discovered the flaw claimed that when he visited the terminal again, he discovered that the bug hadn’t been fixed.

Microsoft has urged banks to update the latest version of Windows for ATMs to avoid different kinds of malware attacks. It’s really worrying as still there are many ATM machines running on Windows XP that no longer receive any security updates.

About the author 

Chaitanya


{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}