Microsoft has announced that it will be ending support for Windows XP on April 8. While home and business owners need to upgrade to keep up with the latest security patches, the fact remains that a lot of people are still stuck on Windows XP, including, as we have seen, most of the ATMs in the world. Windows XP is still being used in 95 percent of ATMs and Microsoft has said that banks and machine vendors need to upgrade as soon as possible to mitigate the obvious security threats.

But if you thought these threats were a bit exaggerated, you have another think coming. According to security software company Symantec, “hackers can seriously exploit those ATMs that are still running on Windows XP.” A blog post points out how cyber-criminals are targeting ATMs in a new way using malware called Backdoor.Ploutus.B, which gives hackers complete control of the machine.

The new technique allows a hacker to connect a mobile phone to the inside of the ATM, then send an SMS to the ATM asking for cash and finally get their hands on the money. The controller sends two SMS messages to the mobile phone inside the ATM: one contains a valid activation ID in order to enable Backdoor.Ploutus.B in the ATM, and the second is a valid dispense command to get the money out.

According to Symantec, “criminals can remotely control the ATM by using a mobile phone which is connected to the inside of the ATM. There are multiple ways to connect a mobile phone to an ATM. A common method is to use a setup called USB tethering, which is effectively a shared Internet connection between a phone and a computer (or in this case, an ATM).” Once the phone has been connected, they can infect the ATM with the Backdoor.Ploutus.B trojan, send the message and steal the money.

The blog post goes on to say, “The criminals can send specific SMS command messages to the phone attached inside the ATM. When the phone detects a new message under the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable.” Through a network packet monitor (NPM) module, attackers can see all network traffic to and from the ATM.

It’s easy to see why cyber-criminals, with the necessary tools and skill set, might be itching to try out this method. According to Symantec, with no adequate security updates after 8 April, the ATMs will be even more vulnerable. According to the blog post, “upgrading to a supported operating system such as Windows 7 or 8,” would go a long way in helping with the security. It also points out that the BIOS (Basic Input/Output System) should be locked down in ATMs to prevent them from being booted through unauthorised media such as CD-ROMs or USB sticks.

As far as India is concerned, there are roughly 100,000 ATMs in the country and many of them are running on Windows XP. However, RBI guidelines have stipulated that ATMs should be upgraded in view of security concerns.