Texting ATMs For Cash?

Category: Security

ATMs running Windows XP can be controlled remotely by hackers with smartphones, according to a top Internet security firm. Just send the right text message to an ATM and it will start spewing cash. An estimated 80 percent of U. S. ATMs are still running XP, so should we worry? Here's the story...

ATMs Running Windows XP

If you've been reading my stuff for a while, you know I have an offbeat sense of humor. Last year on April 1st, I published a spoof titled ALERT: Internet Taxes Due Today! which ruffled a few feathers.

But today's article is no April Fools joke. At least, the folks behind the alarming headlines didn't mean it that way. Let me explain...

By now, everyone concerned knows that all support for Windows XP will end on April 8, 2014. That means no more security patches, leaving stubborn XP users increasingly vulnerable to hackers and malware as new holes in the ancient operating system are discovered. Microsoft and the media have done all they can to warn XP users. I've published my advice about XP's demise in Windows XP: Game Over.
Texting ATMs for Cash

But there’s one XP user you probably can’t avoid: your local automated teller machine (ATM). Now, just days before the end of XP security patches, the press is getting around to milking this prime source of FUD (Fear, Uncertainty, and Doubt) for a few last page-views.

It is true that about that 80 percent of ATMs in the USA are are running XP. It's also true that Symantec, maker of the popular Norton Internet Security products, published a blog post on March 24th entitled, Texting ATMs for Cash Shows Cybercriminals’ Increasing Sophistication.

It's also true that a ZDNet reporter picked up the story, tying the scare to the impending death of XP. "With the end of Windows XP support looming, ATMs worldwide are left vulnerable -- and cyberattackers are taking advantage of the fact." (Why does ZDNet, a technology news website, have someone who is a "medical anthropologist and freelance photographer" writing about computer security, anyway?)

Can a Text Message Really Make an ATM Spew Cash?

The gist of the story is that a variant of a hack known as Backdoor.Ploutus enables crooks to send a text message to an ATM that forces it to spew cash. Symantec blithely says, “It may seem incredible but this technique is being used in a number of places across the world at this time.” Upon reading that, I thought “Well, yes, it does seem incredible. Name one of the places where it’s happened, please.”

But the blog post just ignored me, moving quickly to another incredible statement: “The criminals can remotely control the ATM by using a mobile phone which is connected to the inside of the ATM.” Hmmm… “And how does the criminal get his phone inside of the ATM?” I wondered.

“There are multiple ways to connect a mobile phone to an ATM,” Symantec assured me. For the rest of the blog post, it was assumed that the crook plugged his phone into an ATM’s USB port. You’ve never seen a USB port on an ATM, have you? That’s because the USB port is locked inside of the ATM. How a crook gets access to it is left to the reader’s imagination, which Symantec is busy enflaming.

The post is long and dense, full of technical, geeky details that lend it authority. There’s even an entertaining video of an ATM being forced to spew cash… in Symantec’s lab. But critical details like, “How, exactly, does a crook pull this off?” are omitted. Symantec just assumes the cybercrooks are all-powerful evil geniuses and the bankers who operate ATMs are hapless idiots.

The post concludes with recommendations for protecting ATMs, about half of which involve buying Symantec products. The rest assume that ATM manufacturers and owners are idiots who don’t already provide physical security for ATMS, including video surveillance; lock down the ATM’s BIOS so that USB sticks cannot be used to boot them; or encrypt their ATMs’ hard drives.

But Wait, There's Less!

Oh, and the really important point that Symantec and ZDNet both missed is this: The "embedded" versions of Windows XP that run inside ATMs are supported by Microsoft through the end of 2016! So while it *IS* important that people using XP take steps to move to a more modern and secure platform, there's just no reason to believe that masked men with smartphones are roaming the streets, gleefully scooping up cash from ATM machines.

While I am perfectly willing to believe that some bankers are idiots, I don’t see any text-message ATM fraud happening in the real world. It's just too easy to hook up a big chain to the ATM, and drag it off with a pickup truck. Which actually does happen on occasion.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 1 Apr 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Free Online Backup and Software Options

The Top Twenty
Next Article:
Geekly Update - 02 April 2014

Most recent comments on "Texting ATMs For Cash?"

Posted by:

Smoky Lowe
01 Apr 2014

Well you know,Norton will do anything to sell their over priced,worthless program. I would never use it and is the first thing I remove from customers computers and my owe.Thank you for a great article.


Posted by:

Darcetha
01 Apr 2014

I agree with you Bob. If anyone could text an ATM to get it to spew cash, the banks would cease to be in business. This is just another sensational story to spook people.

Now, I have seen on America's dumbest criminals, people putting chains around freestanding ATMs and hauling them off with pickup trucks. ;)


Posted by:

GuitarRebel
01 Apr 2014

"While I am perfectly willing to believe that some bankers are idiots..."
Haha! Too funny, Bob.


Posted by:

Donna
01 Apr 2014

Drat! Just when I thought I had my retirement funding all figured out, along comes The Evil Dr Bob and his Reality Blaster. Dang you, Dr Bob, dang you, and your little Reality Blaster, too.
Back to the drawing board, muttering dispiritedly under my breath,
Donna


Posted by:

Kelly
01 Apr 2014

Thanks for yet another great article uncovering the greed of a large company simply trying to increase sales through fear, relying that nobody will question an article that contains few facts.


Posted by:

sandy
01 Apr 2014

Scary, isn't it, that half the population has an IQ below "normal"?
Good for a laugh, though.


Posted by:

James
01 Apr 2014

Hehehehehehehe !!!!


Posted by:

Hank
01 Apr 2014

"While I am perfectly willing to believe that some bankers are idiots..."

The Investment bankers may well be, but I guarantee that their IT department aren't (idiots)! When it comes to keeping their money safe, they're very focused! And they have Microsoft's attention! :)


Posted by:

SamG
01 Apr 2014

April fools! Yup, that's what I consider any Symantec/Norton product. After using Ghost for backups years ago then their crappy antivirus. Some friends still use Norton 360 and they haven't bothered me to fix their computers lately so the product may have improved. But they'll never sell me. Well got to go. Bought a new HTC 1 and am going to unload the local ATM again. AF.


Posted by:

crimsonsword
01 Apr 2014

5 years ago Norton crashed my OS and scrambled the MBR not once but twice. I would not touch Norton with a ten foot pole. In India there have been physical removal ATMs. And isolated attacks on people removing money from ATM kiosks.


Posted by:

Mike
02 Apr 2014

As far as updating XP to Win7 or 8, consider that some people do not have the money to upgrade to a new computer or OS.
I don't see anywhere, that MS will help poor people with a bill to get a new computer .
If you are poor & you are using XP, you're just shite out of luck.
You can help people in other countries, but do nothing for the people in your own-what a shame !!!

EDITOR'S NOTE: Ubuntu Linux is a nice free alternative. Mint Linux Cinnamon is another, and is quite similar to the XP interface.


Posted by:

deb
02 Apr 2014

Thanks for the laugh. Waiting for students to finish up tests, I needed it tonight. ☺


Posted by:

Adam Kimble
02 Apr 2014

But Wait, There's Less!

Best April 1st laugh I had! Thx


Posted by:


02 Apr 2014

I'm beginning to think that Bob Rankin is the only intelligent being left on the planet. every article makes such good sense ! More power to your elbow. , (ex-patriot Scotsman, now resident 'downunder' in Australia ) JOHN.


Posted by:

Sally
02 Apr 2014

And wouldn't it be nice if the fools only appeared on April 1st...


Posted by:

Oswaldo Gomez
06 Apr 2014

Bob, I read this post twice, because your offbeat sense of humour deserves repeating. Let me just add this: What piss us off is not that they think we are morons, is their firm conviction that we are.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Texting ATMs For Cash? (Posted: 1 Apr 2014)
Source: http://askbobrankin.com/texting_atms_for_cash.html
Copyright © 2005 - Bob Rankin - All Rights Reserved