February 7, 2017 By Larry Loeb 2 min read

The Indian government revealed that over 70 percent of the automated teller machines (ATMs) in the country currently run Windows XP. Since this particular flavor of Windows has not been updated since 2014, its widespread use as an ATM operating system is concerning. Cybercriminals can exploit the many well-known system security issues that affect this outdated system.

A Massive Migration

Finance Minister Arun Jaitley said the government was working with “banks and other parties” to upgrade these machines, according to Softpedia. He reported that roughly 22,000 ATMs would need to be migrated to more current systems — likely Windows 10.

Jaitley did not provide a target date for such a migration, nor did he specify the hardware or software it would require. The finance minister did, however, admit that it would take a long time to complete.

Microsoft Supports Its Outdated ATM Operating System

To keep the ATMs up and running, Jaitley noted, some stakeholders engaged Microsoft to provide custom support for their specific machines. While this support enabled the machines to function, the migration from XP should still be carried out as soon as possible.

This situation highlights the problem with older technologies: When tools fall behind the times, they require capital to upgrade. In this case, while most big banks with plenty of resources continually upgrade their machines, the ATMs typically found in convenience stores and other retail locations have fallen behind.

Stakeholders Don’t Feel the Pain

Although any reasonable threat model for an ATM will include breaching, stakeholders may not be able to see actual breaches occurring or understand the issues stemming from outdated machines. In other words, they may not be feeling the pain.

The economic incentive to replace these machines may actually be negative, since there is currently no standard hardware or software platform. Why migrate at all if you are not sure where you are migrating to? However, failure to do so puts ATM users — their customers — at risk.

The current situation suggests that India has a long way to go when it comes to securing ATMs today and in the future.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today