Bank ATMs worldwide remain vulnerable to security hacks according to Bank Info Security®. A recent large theft of cash from dozens of ATMs in Taiwan using malicious software highlights the continuing problem. Investigators suspect two Russian nationals were behind the hack. Three types of malware were reported to have been used, which may have enabled the bad guys to command the machines to dispense large amounts of cash simply by sending a text message.
ATMs are considered vulnerable because of their aging software. According to Kaspersky Lab, about 90% of the world’s ATM machines still run Window XP, the software operating system Microsoft generally stopped supporting in April 2014. Most ATM manufacturers continued to use Windows XP, layering on other security software while trying lock down the operating system to protect account data. In addition to using old software, some ATMs are physically accessed by a single key that opens up an entire fleet of the physical boxes holding the machine’s computer—a triumph of human convenience over security. Finally, ATMs need a network connection in order to communicate with banks, so like all IoT devices and machines, they are vulnerable to remote hacks.