Bypassing security on an ATM running the ancient Windows XP operating system is effortless, according to a Russian tech news site. These ATMs can be hacked simply by pressing the Shift key five times in a row, which activates the “sticky keys” feature. Once that is done, hackers can alter the ATM scripts and install malicious software on the system.
Russian-language Habrahabr demonstrated the security loophole on a Sberbank ATM that runs the old Windows OS. It’s now a given that computers running Microsoft’s old and no-longer-supported Windows XP operating system are vulnerable to exploitation. Its weak defenses make the system easy to breach.
The Habrahabr employee stated, “Well, I, standing at the terminal of the Savings Bank with a full-sized keyboard and waiting for the operator to answer the phone, decided to press the Shift from boredom, naively believing that without functional keys this would lead to nothing. No matter how it is! Five times quick pressing of this key gave me that very little window, besides revealing the task panel with all the bank software.”
According to WinFuture, a German site, Sberbank has been aware of the threat for a couple of weeks. The state-owned bank has guaranteed an immediate fix, yet weeks later the security gap can still be exploited.
Hackers can gain complete access to various components of the operating system using just the touchscreen on the ATMs.
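
A defender's check for the shortcut described above, as an added example that is not from the original article or from Habrahabr: it audits the accessibility hotkey bit in the registry for the current account and for the default profile used at the logon screen, and clears it when run with `-Fix`. The script and its `-Fix` switch are this example's own, and it assumes PowerShell is installed on the terminal image.

```powershell
# Added example: audit the accessibility keyboard shortcuts on a kiosk/terminal account.
# Shift x5 opens the StickyKeys prompt only while the hotkey bit is set in Flags.
param([switch]$Fix)   # -Fix is this script's own switch: clear the bit where it is set

$HotkeyActive = 0x4   # SKF_/FKF_/TKF_HOTKEYACTIVE bit in each Flags value

# Current user plus the default profile that applies at the logon screen.
# Writing to HKEY_USERS\.DEFAULT requires administrative rights.
$roots = 'Registry::HKEY_CURRENT_USER', 'Registry::HKEY_USERS\.DEFAULT'

# 'Keyboard Response' is the registry key name for FilterKeys.
$features = 'StickyKeys', 'Keyboard Response', 'ToggleKeys'

foreach ($root in $roots) {
    foreach ($feature in $features) {
        $key  = "$root\Control Panel\Accessibility\$feature"
        $item = Get-ItemProperty -Path $key -Name Flags -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            Write-Output "MISSING  $key"
            continue
        }

        $flags = [int]$item.Flags   # stored as a decimal string, e.g. "510"
        if (($flags -band $HotkeyActive) -eq 0) {
            Write-Output "OK       $key (Flags=$flags)"
            continue
        }

        Write-Output "EXPOSED  $key (Flags=$flags, shortcut enabled)"
        if ($Fix) {
            # Clear only the hotkey bit and keep the other settings (510 becomes 506).
            $new = $flags -band (-bnot $HotkeyActive)
            Set-ItemProperty -Path $key -Name Flags -Value ([string]$new)
            Write-Output "FIXED    $key (Flags=$new, applies at next logon)"
        }
    }
}
```

Disabling the shortcut closes this one entry point only; it does not change the fact that the operating system underneath no longer receives regular security updates.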
Despite its known vulnerabilities, many banks around the world still run Windows XP. In the past, to avoid malicious attacks, Microsoft advised banks to operate ATMs on the latest version of Windows, which still receives security updates.
Although Microsoft stopped releasing updates for the ancient operating system in 2014, the company realized the need to support the XP operating system due to the spread of the “WannaCry” ransomware. Just months before, Microsoft released patches for Windows XP as well as Windows 7 and Windows Vista, to battle the malware outbreak suspected to have origins in North Korea.
Even so, Microsoft won’t release any regular security updates for Windows XP. Banks that still run the 16-year-old OS therefore remain at risk, as the Redmond giant no longer supports it.
The employee said (machine translated from Habrahabr): “All this happened on the sixth of December. Two weeks later I decided to check that there is a terminal. Still, after all, they said that they ‘fixed’ the problem, probably they should have already eliminated it, but no — It’s still there, the window still pops up.”
It seems the bank has failed to fulfill its promise to secure all ATMs with an immediate fix. Security is vital in the banking sector, but it appears the Sberbank of Russia is neglecting the threat. Since banks guarantee their customers’ deposits against this kind of theft, why don’t they care about losing their own money?
Isn’t it high time banks upgraded to the latest version of their Windows operating systems?