Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

GAFAM is Drowning in Debt, GAFAM is Clearly Not Sustainable Anymore (It Runs on Borrowed Money and Bailouts): The war and surrender in Iran will deepen the debt; we'll see the GAFAM reports in late July
Microsoft at 50 Follows the General Trajectory of Skype: How many years does Microsoft have left before payroll becomes impossible?
Cybersecurity Does Not Mean Asking Microsoft for Permission to Boot: There were very good and timely reasons to speak about the matter, including impending antitrust complaints against Microsoft
Chad's Move to GNU/Linux or the Point of Exceeding 5% "Market Share": experienced centuries of being colonised
Gemini Links 21/06/2026: Dating Oaks, Paying With Cash, and "More on Withered Technology": Links for the day
GAFAM Was Never an Ally to Europe: Only 1 in 10 Europeans see US as an ally — study [...] military providers in "tech" clothing cannot be trusted
GitHub, LinkedIn, and XBox Will Finish Like Skype (Sustainability Crisis): Skype should become a verb. When Microsoft 'Skypes' something it means it basically shuts it down with some temporal excuse/s.
Drowning in Garbage: AUR Shows That Too Much Low-Quality Software (Including Slop) is Bad for Everybody: What happened in AUR had happened elsewhere before and will happen again in the future
Links 21/06/2026: EU on Patented (Monopolised) Crops, Microsoft Software "Narcs on You to Your Boss": Links for the day
A Year After a Microsofter Took Over The Register MS It is Effectively a Content Farm With News as a 'Side Dish': This is not journalism, this is spam
IBM Pays the Media and Cons Some 'Journalists' Into Participating in "Quantum" Spam: "The Boy Who Cried Wolf"
You Don't Need an 'App' for Your Birdhouse (Slopfondlers Come for Birds): That they sell those things as "AI" really says a lot about how dishonest slopfondlers really are
SLAPP Censorship - Part 113 Out of 200: The United Kingdom is Not Turkey: Turkey is ranked almost worst in the Western World for press freedom
Links 21/06/2026: Bots from Alibaba Do Harm and Many Xbox Games Are Being Cancelled: Links for the day
5 Years After Release of Vista 11 Not Even One in 5 People Use It (in the US): It doesn't look like Vista 11 will ever be adopted like prior versions and announcing a Vista 12 will mostly upset companies/organisations that only recently "upgraded" to 11
Gemini Links 21/06/2026: Boca Raton, Perfect Summer Day, and LLM Doing Things Poorly: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 20, 2026: IRC logs for Saturday, June 20, 2026
Microsoft Insiders - Not Limited to XBox - Expect a 'Bloodbath' (Their Own Word): This isn't limited to XBox
Reports of "PIP" as Means of Mass Layoffs at IBM This Year: some insights into the PIPs
SLAPP Censorship - Part 112 Out of 200: Strangles Women, Then Refuses to Even Attend Any of His Own Hearings About It: It is meanwhile very apparent that Brett Wilson LLP is becoming a "mench sphere"
Gemini Links 20/06/2026: "There Was Never Supposed to Be a Camera" and "What Is A Programming Language"?: Links for the day
Geminispace Reaches Its 8th Year, Today It Has Turned 7: Gemini Protocol 'went live' 7 years ago, just before the COVID-19 pandemic
Links 20/06/2026: "Full Page Paralysis" and "Hopes For Xbox’s Future Might Be Over Before It Even Begins": Links for the day
European Patent Office's (EPO) Strikes "at a Scale not Seen Since Battistelli", European Patent Grants Down by Over 25% in Past 3 Months: The actions are effective
Real Security Elusive, Microsoft Layoffs to Coincide With Certificate Apocalypse: July 1
Links 20/06/2026: Microsoft's "Year of Shame" and "Feed the Writers": Links for the day
2026 is a Year of Strikes at the European Patent Office (EPO): As it stands at the moment, to many people the EPO represents crime, not law
Web Browsers Are Technically Bloatware (No Matter What Runs in Them): Don't make it a society that shames people into using a Web browser where none should be needed
Fedora Has Changed a Lot Since I Last Used It (IBM Dominates Almost Everything, IBM Agenda Displaces Community Goals): "It is effectively 100% run by Red Hat/IBM employed people... even when they are community-elected representatives."
Andy (Cyber Show) on His Teacher Who "Squeezed Every Last Drop Out of Life, With Gratitude, Humility, Generosity and Mettle": Some call them "eccentric" and are dismissive about what they have to offer
Only 1.5% Oppose the European Patent Office's (EPO) Strikes and Other Industrial Actions Until 2027: Among those polled/surveyed (in a ballot)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, June 19, 2026: IRC logs for Friday, June 19, 2026
Gopher/Gemini Links 20/06/2026: Slop With Tcl/Tk and Nokia 770 Perishes: Links for the day
SLAPP Censorship - Part 111 Out of 200: Garrett and Graveley (the Latter Arrested for Strangling Women) Keep Ousting Their Collaboration in Litigation, Lawfare in a Foreign Continent: it's not law, it's just warfare disguised as "law"
European Patent Office (EPO) Series: Lobbying in Lisbon...: reappointment campaign lobbying has not been restricted to the "home front" in Portugal
Slop Making Its Way Into Terms Where It Does Not Belong: Hopefully by year's end Google News can successfully cull (and deprive of traffic) almost all slopfarms
Links 19/06/2026: Microsoft Patent Troll Intellectual Ventures in Europe, "World Cup of Internet Resilience": Links for the day
Links 19/06/2026: Salesforce Data Thefts and GAFAM's Conspiracy Theories That Data Center Opposition is a Foreign Plot: Links for the day
Links 19/06/2026: The Retweeting Class and Data Centres as National Security Risk: Links for the day
Don't Attack the Wives (or Spouses) of Pundits/Activists/Journalists: We will be writing several series about this in the future
Society Will Only Improve Owing to People Who Push Boundaries: Push boundaries with ideas and facts, not with forbidden language
Internet Relay Chat (Shorthand IRC) is Still Growing: Contrariwise, social control media is waning
The Register MS Published a New Page With "AI" 21 Times in It. It Was Paid SPAM.: The former editor of the The Register MS admitted to me (directly) that he knew all this "AI" stuff was stupid hype
Murdoch's Wall Street Journal (WSJ) Associates Dependence on a Ponzi Scheme With "the Future": Those ludicrous ads (disguised as rankings) from WSJ deserve scorn and ridicule
The XBox Story is Still Fast-Developing, the Layoffs Are Confirmed to be Happening Already (Mid-June), Just Not "Officially": Workers have Microsoft have long braced for what is happening this summer and will accelerate further in two weeks' time
Fake News From Rupert Murdoch's WSJ Could Not Keep IBM From Sinking: "2026 Best Companies for the Future"?
To GNU, AV2 Adoption May be a Year If Not Years Away: The leap between versions means that there is fertile ground for incompatibilities
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, June 18, 2026: IRC logs for Thursday, June 18, 2026
Gemini Links 19/06/2026: "Born and Raised by the Internet", Fifteen Years in Gopher: Links for the day

Why Crackers Prefer Windows on Cash Machines

Recent Techrights' Posts