Journalists all over the place are writing that ATMs still use Windows XP

[NojusK]

https://www.techradar.com/news/atm-security-still-running-windows-xp

https://www.itproportal.com/news/security-firms-warn-that-most-atms-still-run-windows-xp/

https://www.theregister.co.uk/2018/11/14/atm_security_lousy/

https://nakedsecurity.sophos.com/2018/11/16/how-to-rob-an-atm-let-me-count-the-ways/

Maybe those ATMs run POSREADY 2009 or Windows XP with the Posready trick.

Edited November 17, 2018 by someguy25

[FranceBB]

Definitely Windows Embedded Standard, which is still supported 'till January 8th 2019 or POSReady which is supported 'till April 12 2019.

By the way, WES and POSReady are spread all over the world not just in ATMs, but also in fuel pumps, train stations, tills, self-checkouts, and so on.

[NojusK]

35 minutes ago, FranceBB said:

Definitely Windows Embedded Standard, which is still supported 'till January 8th 2019 or POSReady which is supported 'till April 12 2019.

By the way, WES and POSReady are spread all over the world not just in ATMs, but also in fuel pumps, train stations, tills, self-checkouts, and so on.

Oh so PosReady until April 12 2019 i though it was April 9?

[FranceBB]

Oh, nope, sorry, my bad, I was thinking about Windows Embedded for Point of Service which ended on April 12, 2016. POSReady 2009 ends on April 9.

Edited November 17, 2018 by FranceBB

[Mathwiz]

Not that three days is that big a difference

[caliber]

most of the embbeded machines are switching to POSReady 7, 8...

everything on earth has a life end and 2019 it's the turn of XP.

[jaclaz]

Well, everything comes from the study by Positive Technologies, article:

https://www.ptsecurity.com/ww-en/analytics/atm-vulnerabilities-2018/

Actual "paper":

https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf

https://regmedia.co.uk/2018/11/14/positive_tech_atm_vulnerabilities.pdf

 

TLDR:

If you can have physical access to either the machine (and its connections) or to the network it is on (preferrably on the segment between the ATM and the router), it is game over. (hardly "news").

Adding to it the "corollary" on the number of machines running XP as if it was - even remotely - relevant is the usual FUD spread by the journalists (that possibly didn't actually read the paper or even if they did, did not understand its contents).

jaclaz

 

[FranceBB]

48 minutes ago, jaclaz said:

Adding to it the "corollary" on the number of machines running XP as if it was - even remotely - relevant is the usual FUD spread by the journalists (that possibly didn't actually read the paper or even if they did, did not understand its contents).

 

Exactly.

And I'm pretty sure they'll start doing the same thing for Windows 7 soon...

[hotnuma]

3 hours ago, jaclaz said:

Adding to it the "corollary" on the number of machines running XP as if it was - even remotely - relevant is the usual FUD spread by the journalists (that possibly didn't actually read the paper or even if they did, did not understand its contents).

 

It took seven messages in this thread to detect the FUD spread by a company that sells "security".

Edited November 19, 2018 by hotnuma

[Mcinwwl]

1 hour ago, hotnuma said:

It took seven messages in this thread to detect the FUD spread by a company that sells "security".

Actually not by the company that sells 'Security', as the paper itself looks professional, but by the clickbait-driven Mass Media that refer to it, all of them linked the first post.