Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

Recent Techrights' Posts

Links 03/05/2026: Insolvent US Bailing Out Google, Microsoft, Amazon, Nvidia, Oracle, OpenAI, and SpaceX: Links for the day
All-Time Lows for Windows in Spain and Portugal: data which became publicly available less than 24 hours ago in statCounter
The Real News is Botnets (e.g. Windows With Back Doors), Not Iran: Let's focus on the botnets [...] Microsoft's aim is the opposite of security
SLAPP Censorship - Part 66 Out of 200: Alex Graveley Did Illegal Things, Then Asserted Mentioning Those Illegal Things is Privacy Violation: Alex Graveley "has suffered damage and distress" when the public found out he told women to kill themselves
The Corrupt Lecture the Non-Corrupt - Part XII - Outsourcing Everything to Microsoft, Which is Illegal: Today's EPO isn't about technology or law
Melissa Chan on Why Press Freedom Matters to Everyone, Not Just Journalists: dispelling a myth
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, May 03, 2026: IRC logs for Sunday, May 03, 2026
Gemini Links 04/05/2026: Another Old Web Pillar Gone and Simple Lobsters Mirror for Gemini: Links for the day
SLAPP Censorship - Part 65 Out of 200: Graveley and Garrett Claims Are Word-by-Word Similar (They Also Collaborated All Along): We'll keep it short today
IBM Has a Long and Rich History of Showing Chatbots Bear No Business Prospects (From Jeopardy to Watson Healthcare and McDonalds): Watson Healthcare is already in the dustpan, so they are rebranding it again
Europe Decoupling is Bad News for GAFAM, Especially Bad to Microsoft: Countries want independence
India Needs to Recognise That the World Wide Web is Monoculture in India: In the US, a judge with Indian roots dealt with a case related to this; why won't India?
All-Time Lows for Windows Down Under: seeing the demise of Windows in Australia (historically a slow or low adopter of GNU/Linux) is good news
Linux Kernel Tainted by Software Patents That Make Linux Worse and the 'Linux' Foundation is Compiling Bribes to Enable This (Promotion of Monopolies and Tolerance of Software Patenting): Why you need to reboot when a serious bug is found in Linux? "Licencing"...
IBM's Kyndryl Accounting Fraud Explained and More Recently the Insiders Talk About Mass Layoffs: Judging by how the media totally ignored 800+ layoffs at IBM's Confluent and 400+ layoffs at Red Hat a few weeks ago don't expect to hear anything about Kyndryl layoffs
Links 03/05/2026: Water Shortages Crises and Slop Fakes "Are Coming for Your Bank Account" (Slop-Enabled Fraud): Links for the day
The Corrupt Lecture the Non-Corrupt - Part XI - EPO 'Products' to Cement Asian and American Monopolies: Only a fool would believe Lame Duck Campinos
Microsoft Windows Falls Below 9% in South Africa: As one can expect, GNU/Linux is measured as going up in France
Gemini Links 03/05/2026: The Black Side of the Web, LiveJournal, Chimarrão: Links for the day
A Month Since Mass Layoffs at Red Hat (400+ Engineers Laid Off), The Media Didn't Cover It: We are very concerned about the state of the media
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, May 02, 2026: IRC logs for Saturday, May 02, 2026
Gemini Links 02/05/2026: Strange Psychosis and TUIs: Links for the day
Links 02/05/2026: Microsoft Has Begun Rebranding Vista 11 as 'XBox' (Because the Console is Dying), Slop Rejected by Oscars: Links for the day
IBM's CEO 10 Years Ago in IBM-Sponsored Forbes: "For those willing to embrace [blockchains], the future will indeed be bright.": How well did this prediction materialise?
SLAPP Censorship - Part 64 Out of 200: Not Amused by Repeated Threats (to "Shut Down" My "Existence" While Mentioning My Wife Too): it's about censorship
RightsCon Cancellation as a Data Point in a World Gone Astray: RightsCon should not even be controversial
The NHS is Under Attack by Anthropic and Microsoft (or Their Lemmings That Infect the NHS): They are kidding themselves if they seriously believe Web-facing source code repositories are the real threat to patients
cPanel is Not Linux, cPanel is Proprietary Software: It's fair to say I've used cPanel for 23 years
Links 02/05/2026: Gen Z is Turning Against Slop and OpenAI/Microsoft Rift Explained: Links for the day
Storage and Memory Prices Are Rising Not Because of High Demand (Production Can Match Demand), It's Partly Because of Price-Fixing (Same as Food Price Increases): Sophisticated robberies are still robberies
Thousands of Layoffs at IBM, So IBM Pays Mainstream Media to Claim That IBM is Hiring (Paid Lies): This is a story about the media failing us, not just IBM failing as a company
A Look at DataStax Bluewashing (IBM and Layoffs): IBM is a place that many people leave or get pushed out of
Gemini Links 02/05/2026: Leaving Session, Alhena 5.5.7, and Slop Failing Customers: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 01, 2026: IRC logs for Friday, May 01, 2026