Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

Recent Techrights' Posts

openai.com Traffic Said to Have Fallen 50% in the Past Three Months, Reports Say It Nearly Ran Out of Money to Borrow: After the slop frenzy all we'll have left is environmental destruction
Rudeness and Vulgarity Won't Stop Journalism About Free Software: we seem to be on the right path
IBM Plans for Layoffs Becoming Clearer With "Employee Reviews": Of course this impacts Red Hat as well
The "Alicante Mafia" - Part VII - The Industrial Actions Began Yesterday, Here's Why: The "Alicante Mafia" might not last much longer
Gemini Links 21/01/2026: Edible Circuits and "Sayonara HTTP": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 20, 2026: IRC logs for Tuesday, January 20, 2026
IBM Hides Its Own Destruction (and Red Hat's): It's like scenes out of '1984', which is what a now-famous advertisement from Apple compared IBM to
LLM Slop Not Dead Yet, Examples of Slop About "Linux": We wish to see the totals down to zero
Links 20/01/2026: Cheeto Blackmails France Into 'Peace' While Looking to Annex EU, Mass Layoffs in Capgemini (Microsoft Reseller/Promoter) in France: Links for the day
Gemini Links 20/01/2026: Boxing and "Inbox Zero" Success: Links for the day
Windows and Slop Declining While Microsoft Silences Critics: Microsoft tries to suppress facts while faking 'demand' by imposing slop on everybody, everywhere
IBM Kills OzLabs, Signalling An Attack on Free Software (a Sign for Red Hat): ibiblio also appears to have died (or experiences critical issues)
Red Hat Vice President Leaving After Nearly Two Decades: IBM's culture of secrecy is not compatible with Free software
Links 20/01/2026: "ChatGPT Health" (Latest Distraction From Being Insolvent) Flops and Raises Concerns, "The U.S. Military Faces a Reckoning on Greenland": Links for the day
Readers Pleased With Layout Changes: Two days ago we began improving clarity and accessibility in the site
IBM is Outsourcing Red Hat's Fedora to Slop to 'Save Money': If IBM cared about quality rather than alleged "cost savings" (cutting corners), it would assign more IBM staff to Fedora, but instead the exact opposite happened, with the likes of Cotton and Miller removed from the project
European Patent Office (EPO) Industrial Actions Formally Start in Two Hours: As per the latest (revised) action plan, today workers will slow down their work and limit patent grants
Microsoft Under Fresh Investigation by the Italian Competition Authority: In 2025 we kept a running tally of 30,000+ Microsoft layoffs, so 40k this year would not be unthinkable
The "Alicante Mafia" - Part VI - More Strikes Planned at the EPO, Starting This Month: Yesterday we said that friends of Berenguer or inside Berenguer's circle may have left
Gemini Links 20/01/2026: New Tea, Using a Roku at a Hotel, and "Voltage-Based Power Management for Any Raspberry Pi": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, January 19, 2026: IRC logs for Monday, January 19, 2026
If You Don't Want "Linux" to Become "Windows", Then Follow GNU: GAFAM isn't a friend of Linux; it's only a user in the same sense clients are "users" of a brothel
Links 19/01/2026: National Broadcasters on World or Local Affairs Up to a Week Ago: Links for the day
Gemini Links 19/01/2026: Game Boy and "The Lounge" (IRC) for the Elderly: Links for the day
Slopfarms in Google News (at Least Three Today) With Fake 'Articles' About "Linux": Google itself is trying to promote its own slop ("Overview") at the expense of original and credible sources
Links 19/01/2026: ChatGPT’s Defects and The Guardian on Why So-called "AI Companies Will Fail": Links for the day
This is What the Slop Bubble Popping Can Look Like: Maybe not an overnight collapse, but getting there gradually
IBM Quiet About Its Plan for Red Hat Amid Accelerated Bluewashing: Something is going on at Red Hat
The "Alicante Mafia" - Part V - It Seems Like Some People Are Already Leaving "The Mafia": they have a rough idea of what's coming
Microsoft Means War, Microsoft is on the Side of ICE: Microsoft, people-ready
More Confirmatory Rumours Regarding "Massive" Red Hat Layoffs: Ecosystem and sales said to be targeted
Proprietary UNIX is What We'll Have If IBM Red Hat Gets Its Way: IBM Red Hat wants to control everything, even if that means killing everybody
Free Software in Times of Peace (and Times of War, Too): GAFAM and IBM are war companies
Founder of GNU/Linux (RMS) Speaks in US University (College) This Week: The auditorium has very high capacity and this is his "college comeback" talk in the United States
Office Meetings Are Most Useful to the Least Productive Workers: In my "office life" days I really didn't like meetings
LinuxSecurity and Linuxiac Are Still Slopfarms, Even Anthony Pell Does It: We suppose waiting another month or another year won't change a thing
Claim That the Board of Directors at IBM Isn't Happy With How the Company is Run: IBM tries to project an image of strength to the whole world, especially to its clients
Links 18/01/2026: Legal Trouble for xAI, Climate Concerns, Data Breaches and More: Links for the day
'Vibe Coding', Chatbots, and Other Bots (e.g. "Agents" Disguised as "Superintelligence") Aren't Saving You Time: False marketing, FOMO marketing tactics
Gemini Links 19/01/2026: Analog Cameras and Plucker in 2026, US Losing Acceptability in Europe: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, January 18, 2026: IRC logs for Sunday, January 18, 2026