Why Crackers Prefer Windows on Cash Machines

Dr. Roy Schestowitz

2010-07-29 16:02:31 UTC
Modified: 2010-07-29 16:02:31 UTC

Summary: Windows makes a lot of money for the bad guys, who are exploiting Windows-based ATMs

ATMs that run Windows are running for criminals to take advantage of them. This is a subject that we covered many times before along with examples. See the following older posts for background:

Here is Slashdot's summary about the latest example:

"Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

This links to IDG, which says:

The machines Jack hacked were, however, based on Microsoft's Windows CE operating system.

And from ZDNet:

At the Black Hat security conference here, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

Glyn Moody cannot comprehend such a tactless choice of Windows CE for ATMs. He asks, "why not just leave the notes out in the open?"

It should be no surprise that Google's vulnerabilities in Chrome are sometimes caused by Windows' inherent insecurity and this time for a change, "Google patches Chrome, sidesteps Windows kernel bug," reports IDG. "Microsoft was not available for comment late Tuesday."

It it worth adding that many Firefox flaws are Windows-only as well. Sometimes GNU/Linux is also affected and this new article says that "Google also released workarounds for two vulnerabilities in external components, helping to protect from flaws in the Windows kernel and GNU glibc components." Nothing is infallible, but Microsoft tends to fail more often than the rest and it hides this. ⬆

Recent Techrights' Posts

Microsoft's XBox "Bloodbath" Seems to Have Already Begun (Informally), Studios Allegedly to Face Shutdowns, Layoff Notices Handed Out, 100% Layoffs in Some Cases, 10% in Others or on Average: So is a complete closure/shutdown imminent? (Compulsion Games in this case)
SLAPP Censorship - Part 105 Out of 200: When Bad Legal Advice Results in Your Client, Dale Vince, Ordered to Pay £600k - or 801,930 United States Dollar (USD) - to the Person Frivolously Sued (Lord Bailey of Paddington): "A judge has ruled that Dale Vince must pay punitive costs to Lord Bailey of Paddington, the Tory peer, over the 'unexplained abandonment' of his" SLAPP
IBM is Importing/Exporting Corporations' Regime of Censorship (Hiding the Wrongdoing) to Free Software Communities: Is IBM protecting criminals in the name of "manners"?
European Patent Office (EPO) Series: Battistelli's "Baltic Crusader": Gilles Requena, Battistelli's erstwhile "Baltic Crusader" and the loyal servant of his successor Campinos
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 13, 2026: IRC logs for Saturday, June 13, 2026
Links 13/06/2026: University of Nottingham Confirms Data/System Breach, Courts Fuming at Fraudulent Lawyers Who Fling LLM Slop at Them: Links for the day
Gemini Links 13/06/2026: World Cups and 做人: Links for the day
Discussing Morale at IBM and Conversations Regarding IBM Layoffs (Disguised as Other Things): Trolling can be a form of censorship
European Patent Office (EPO) Series: All the President's Men: Gilles Requena,Patrice Pellegrino, and Sandro Mendonça
SUEPO Elections Coming Up, Union Leaders at Europe's Second-Largest Institution (EPO) to be Determined Soon: The staff union of the European Patent Office (SUEPO) is having an election soon
How Long for Can American Taxpayers Justify Bailing Out Microsoft?: How many times need the American taxpayers give Microsoft money for vapourware that's neither necessary nor delivered?
Links 13/06/2026: Microsoft’s XBox Crisis and "Apple Deepfakes": Links for the day
Gemini Links 13/06/2026: Why Humans Are Mostly Right Handed and "Getting Things Done": Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, June 12, 2026: IRC logs for Friday, June 12, 2026
SLAPP Censorship - Part 104 Out of 200: Exactly Two Years Ago Brett Wilson LLP Humiliated or Weaponised Our Solicitor's Judaism in an Effort to Censor and Gag Us: dated 12/06/24
Half a Year Since Slopwatch Died: To Google's credit, it did manage to delist a lot of slopfarms in recent months
Links 12/06/2026: Science, Windows TCO, and More: Links for the day
"AI" 46 Times in One 'Article' Because The Register MS Got Paid to Push it: Today is just another opportunity to remind people that the slop bubble and GPU bubble are based on inauthentic fake 'journalism'
Gemini Links 12/06/2026: FTP and Gopher, Cluster Outage Postmortem After Cleaning by Wife: Links for the day
Sonny Piers Finally Spills the Beans on GNOME Cover-up, Points Finger at Robert McQueen, Misusing "Defamation" to Silence Critics of Wrongdoing: Robert McQueen, who is extremely connected to Garrett (they share digital nests)
European Patent Office (EPO) Series: Transcending Partisan Rivalry in the National Interest: Up until now, Campinos has generally been regarded as a Portuguese "asset" on the international stage
Gratitude to Whistleblowers or Sources of Techrights: Whistleblowers are what makes journalism work
Techrights Was Months Ahead of "XBox" News (Mass Layoffs): Next: end of XBox as a console
More Commentary on June 2026 IBM Layoffs and Why They Happen: It sounds a lot like what happened to the EPO
Links 12/06/2026: "NearlyFreeSpeech" No More, Openwashing by Google (DiffusionGemma): Links for the day
Today There's a Massive EPO Strike (Like Every Friday), Workers Explain Further Cuts Despite the EPO Making More Income by Granting Illegal Patents (or Invalid Patents Illegally): "Recent exchange with the Administration on the implications of the SAP on the Education and Childcare Allowance"
The Cyber Show: Remember That Code is Art: The article is very long, very profound, and speaks of "the next installation"
Communicating With Freedom - Part IV - Quibble Now in quibble.chat, Open for Contributions Via Codeberg: Today we continue the series about Quibble
European Patent Office (EPO) Series: The Importance of Having "Pals from the Palacete": for his reappointment bid to succeed, Campinos will need to be able to rely on the support of both the Portuguese Prime Minister, Luís Montenegro, and the President of the European Council, António Costa
Cyber Show on How Updates or Upgrades Break Workflows, Even in Free Software: "We did a big upgrade on the AV production pipeline"
Discussions About IBM Layoffs in June, Including by RTO and PIPs: mass layoffs are becoming increasingly difficult to conceal
Gemini Links 12/06/2026: Decks and Work Essay: Links for the day
"Rolling Strikes" Continue at the European Patent Office, the Administrative Council Needs to Take Action Against Crooked Office Management: This coming weekend we'll talk about some of the other issues and concerns expressed by the union
Only Days After Mass Layoffs in Microsoft's Azure There Are Headlines About Much-Expected XBox Layoffs: XBox as a console is basically dead or "fast-dying"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, June 11, 2026: IRC logs for Thursday, June 11, 2026