Windows XP, Microsoft’s flaw-ridden operating system effectively becomes obsolete on April 8 when the Redmond, Washington, software giant cuts off all support for the creaky OS. That means, no more upgrades or patches to fix security holes.
But cyber-crooks aren’t waiting for the April 8 Windows XP zero hour. According to the computer security company Symantec, some devious hackers are already figuring out how to use a specific vulnerability in Windows XP to extract cash from ATM machines — by remote control.
Whether this clever form of bank heist has actually happened or is just a theoretical possibility, Symantec isn’t clear. A recent blog post on the Symantec corporate site sounded the alarm about the threat — but gave no actual cases where hackers have actually managed to get an ATM to spit out cash like a slot machine that hits the jackpot, using the Windows XP security flaw.
The real problem, however, is that according to Symantec, almost 95 percent of ATMs — which after all are nothing but free-standing computers that do one thing, process cash — run on some version of Windows XP.
Given that Windows XP is being abandoned by its maker on April 8 means that banks and ATM machine operators will be extremely vulnerable to security threats.
Symantec warns that there is a type of malware — a program designed to do something bad, destructive or illegal to the computer running it — identified by the name “Ploutus,” which when installed in an ATM opens the machine up to a hacker and his cell phone.
Simply by sending a text message to the Ploutus-infested Windows XP ATM, a cyber-crook can get the machine to cough up as much cash as he needs.
But despite Symantec’s earnest warnings, some tech-experts are skeptical that even with the known flaws in Windows XP, remote control ATM robberies are a real thing. The main issue is that unlike some forms of malware that travel via the internet, an unscrupulous hacker must have physical access to the inner workings of an ATM in order to get the Ploutus system in place.
“Access to the insides of the ATM, is heavily guarded,” noted mobile technology expert Larry Seltzer. “Even in the case of the convenience store, you have to be able to pick the locks and you have to deal with security cameras. I’m sure it can be done, but it’s not easy.”
In other words, to rob an ATM, a hacker needs more than a knowledge of Windows XP security flaws, he needs to be something like a safecracker as well.
In any case, even critics like Seltzer agree, it is time for banks to ditch Windows XP, for the good of their customers and themselves.