Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

Recent Techrights' Posts

Gemini Links 25/12/2025: Hibernation and TV Detox: Links for the day
The Right to Repair (Especially When Products Are So Poorly Made): Many electrical appliances fail often/quick and are nearly impossible to repair
The Register MS: Don't Use Linux: That really says a lot about The Register MS
The Year of the Bubble: We hope that in 2026 the marketing liars will find some new buzzwords to latch onto and quit calling everything "AI"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, December 25, 2025: IRC logs for Thursday, December 25, 2025
Browsing Techrights With a GUI and 10 Megabytes of RAM Per Tab: Some people say it's not possible in 2025, maybe in part because they depend on very bloated software
A Tribute to Richard Stallman: It's about knowledge and sharing
Links 26/12/2025: Impermanence, Salt and Thermometer, Freetube: Links for the day
Canonical is Making the Cost of PCs Very High, Due to Unnecessary Ubuntu Bloat: They say the reason for the price surge is LLM hype/frenzy
Canonical's Ubuntu is Bloatware: How did Ubuntu get so fat?
The EPO is a Very Vicious Organisation You Neither Wish to Join Nor Stay in for "Too Long": Consider what the EPO thinks of its own workers, the staff that actually does real work
2026 Will Hopefully Turn Out to be Slopless: we seem to be starting the post-Christmas period on the right footing
Links 25/12/2025: Mail Carriers in "a Murky Future", Dihydroxyacetone Man’s "Chip Embargo Against China Backfiring Spectacularly": Links for the day
The Register MS: All I Want For Xmas is Microsoft: they actually put effort into it
How to Win Nobel Prize for Peace: Do you get to Heaven (or peace platitudes) by sleeping with 72 virgins?
Links 25/12/2025: Ample Cover-up Found in Jeffrey Epstein Files; ChatGPT Causes Psychosis, Not a Good Use Case: Links for the day
Giving Money to Free Software: In life, people must make sacrifices to do what's right and just
EPO People Power - Part XV - EPO Cocainegate to Resume This Weekend: The next installment (number 16) will probably come out this weekend
Microsoft: XBox is Going "Online", "Cloud"...: XBox as a console is pretty much dead
Mozilla Firefox is a GAFAM Browser With Slop, Move to a Free Software Web Browser: on mobile the options would be more limited
libera.chat Was Under Attack Last Night: Several months from now libera.chat turns 5
Free Software Foundation (FSF) Raises Over $300,000 Before Christmas: the FSF made it past $300,000
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 24, 2025: IRC logs for Wednesday, December 24, 2025
Sounds Like Microsoft 'Open' 'AI' (Slop) Ran Out of Money to Borrow: Maybe in 2026 slop will be scarce enough that eventually, maybe by year's end, we'll manage to just ignore it.
In India, Staff Works on Christmas Eve, Becomes Unemployed (Last Day): The company fires based on how "expensive" workers are more often than based on their productivity
Links 24/12/2025: US TACOs on "China Chip Tariffs Until 2027", Russian Snickers in U.K. Convenience Shops: Links for the day
Links 24/12/2025: Cheeto President "Accused of Rape in Jeffrey Epstein Files", Windows to be Replaced by Slop?: Links for the day
Gemini Links 24/12/2025: Tea, Love During Pain, and Gaming This Year: Links for the day
GAFAM is a Bubble, Nothing is Free in This World: Nothing is free in the world
My New CD Player/Stereo Didn't Even Last a Year, My CD Player/Stereo From the Early 1990s Still Works: That helped reaffirm what I said in recent years about production/manufacturing standards of "modern" things
GitHub Isn't Free, Microsoft Subsidises It (Losses) to Entrap You Inside Proprietary Software, Now Come the Fees: GitHub was never free
XBox Console is Dead, "Microsoft is Rethinking What XBox is": So XBox is now "cloud"
IBM SkillsBuild: Teaching Slop to People: What skills does that give? Making more slopfarms?
Maybe 2026 Will be the Last Year of António Campinos: Europe's patent system is run by thugs and it serves thugs
2025: The Year LLM Slop Rose to Prominence and Then Fell: the slop hype is bound to end
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 23, 2025: IRC logs for Tuesday, December 23, 2025
Links 24/12/2025: Spotify Surveillance and Shadow Over Rule of Law in Hong Kong: Links for the day