Microsoft’s 16-year-old Windows XP is an outdated operating system that no longer receives security updates, so any ATM still running it is at risk of being hacked easily.
Recently, an employee of the Russian blogging platform ‘Habrahabr’ discovered that ATMs operated by the state-owned ‘Sberbank’ and running Windows XP have inherent security vulnerabilities that hackers can easily exploit.
The employee was able to gain access to the user interface of the Windows XP operating system installed on the ATMs. According to him, turning on Sticky Keys by pressing a special key such as SHIFT, CTRL, ALT, or WINDOWS 5 times in a row caused the machine to display the taskbar and Start menu of the operating system and allowed access to Windows settings.
The flaw was discovered while the employee was waiting for a call to be picked up; out of boredom, he pressed the SHIFT key on the ATM keyboard 5 times in a row. A prompt popped up describing the Sticky Keys feature of Windows, and through this prompt he was able to reach other parts of the OS. Once a user is inside the machine’s restricted areas, the Windows XP flaws that can be exploited need no underlining.
According to reports, Sberbank had been informed almost two weeks ago of this security breach at its ATM. While the bank promised an emergency fix, the user who discovered the flaw claimed that when he visited the terminal again, the bug hadn’t been fixed.
Microsoft has urged banks to update their ATMs to the latest version of Windows to avoid different kinds of malware attacks. It is worrying that many ATMs still run Windows XP, which no longer receives any security updates.
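The five-key-press prompt described above only appears while the Sticky Keys keyboard shortcut is enabled in the Windows accessibility settings. As an added example (not part of the original report), this Python script audits a registry export for that setting; it goes slightly beyond the article by also checking the Filter Keys and Toggle Keys shortcuts, and the sample export is constructed for illustration.

```python
import re

# Bit 0x4 is SKF_/FKF_/TKF_HOTKEYACTIVE: the keyboard shortcut is enabled.
HOTKEY_ACTIVE = 0x4
# Registry subkeys for Sticky Keys, Filter Keys and Toggle Keys.
FEATURES = {"StickyKeys", "Keyboard Response", "ToggleKeys"}

# Constructed sample in regedit export format (not from a real machine).
# HKEY_USERS\.DEFAULT holds the settings used on the logon screen.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="510"

[HKEY_CURRENT_USER\Control Panel\Accessibility\Keyboard Response]
"Flags"="122"

[HKEY_USERS\.DEFAULT\Control Panel\Accessibility\StickyKeys]
"Flags"="506"
'''

SECTION = re.compile(r'^\[(.+)\\Control Panel\\Accessibility\\([^\\\]]+)\]$')
FLAGS = re.compile(r'^"Flags"="(\d+)"$')

def audit(export_text):
    """Return (hive, feature, flags, hotkey_enabled) for each accessibility key."""
    results, current = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = (m.group(1), m.group(2)) if m.group(2) in FEATURES else None
            continue
        if line.startswith("["):      # some unrelated registry key
            current = None
            continue
        m = FLAGS.match(line)
        if m and current:
            flags = int(m.group(1))   # Flags is stored as a decimal string
            results.append((*current, flags, bool(flags & HOTKEY_ACTIVE)))
    return results

def findings(export_text):
    """Keys where the accessibility shortcut is still reachable from the keyboard."""
    return [(hive, feat) for hive, feat, _, on in audit(export_text) if on]

if __name__ == "__main__":
    for hive, feat, flags, on in audit(SAMPLE_EXPORT):
        print(f"{'FAIL' if on else 'ok  '} {hive} {feat} Flags={flags}")
```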