Light Dark
February 7, 2017 By Larry Loeb 2 min read

The Indian government revealed that over 70 percent of the automated teller machines (ATMs) in the country currently run Windows XP. Since this particular flavor of Windows has not been updated since 2014, its widespread use as an ATM operating system is concerning. Cybercriminals can exploit the many well-known system security issues that affect this outdated system.

A Massive Migration

Finance Minister Arun Jaitley said the government was working with “banks and other parties” to upgrade these machines, according to Softpedia. He reported that roughly 22,000 ATMs would need to be migrated to more current systems — likely Windows 10.

Jaitley did not provide a target date for such a migration, nor did he specify the hardware or software it would require. The finance minister did, however, admit that it would take a long time to complete.

Microsoft Supports Its Outdated ATM Operating System

To keep the ATMs up and running, Jaitley noted, some stakeholders engaged Microsoft to provide custom support for their specific machines. While this support enabled the machines to function, the migration from XP should still be carried out as soon as possible.

This situation highlights the problem with older technologies: When tools fall behind the times, they require capital to upgrade. In this case, while most big banks with plenty of resources continually upgrade their machines, the ATMs typically found in convenience stores and other retail locations have fallen behind.

Stakeholders Don’t Feel the Pain

Although any reasonable threat model for an ATM will include breaching, stakeholders may not be able to see actual breaches occurring or understand the issues stemming from outdated machines. In other words, they may not be feeling the pain.

The economic incentive to replace these machines may actually be negative, since there is currently no standard hardware or software platform. Why migrate at all if you are not sure where you are migrating to? However, failure to do so puts ATM users — their customers — at risk.

The current situation suggests that India has a long way to go when it comes to securing ATMs today and in the future.

 |  |  |  |  |  | 
Larry Loeb
Principal, PBC Enterprises

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature