Most ATMs in India Are Easy Targets for Hackers & Malware Attacks
State of ATMs in India Right Now
- 70 percent of 2 lakh ATMs in India still run on Microsoft’s Windows XP operating system.
- Microsoft stopped supporting Windows XP in 2014.
- Most ATMs are now attacked via malware.
- Experts says it will take 6 months to migrate ATMs from older OS to the latest version.
- It has become easier to build malware.
Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.
Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.
While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.
Most banks were equipped to handle common ATM attacks like ATM card or PIN skimming. Which is why they have relied on building a secure network across the central banking system and monitoring financial activities. This gave them the false notion that running on outdated operating systems wouldn’t be an issue.Nilesh Jain, Country Manager - India and SAARC, Trend Micro
But as we have seen over the past few years, there has been a rise in the number of malware attacks, and this according to Jain has catapulted a change in attitude from the banks, forcing them to make changes on the software front as well.
This change, however, is not going to happen overnight. However, security companies like Trend Micro have assured us that system software updates are underway.
Migration from outdated OS to the latest one is a humongous exercise which involves large-scale investment of money and manpower. It will take approximately 6 months to upgrade the existing systems in 70 percent of India’s ATMs, which are running on older OSs.Nilesh Jain, Country Manager - India and SAARC, Trend Micro
Earlier this year, following a malware-related security breach, the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised in one of the biggest data breaches in India’s financial sector.
According to experts, banks need to work towards gradually enabling EMV chip and PIN-enabled cards at ATMs to make transactions secure.
The Threat of Malware
Ignorance is bliss, they say, but in matters of financial security, it can be viewed as a recipe for disaster. Things are changing for the good, as Nilesh highlights here:
But why do people wait for such attacks to happen to bring about a change? To which, he says:
Anyone can build malware and infect a system, and the built-in security system won’t even detect it.
If there’s any respite from all this unwanted chaos is that security experts like Trend Micro and few others are working with banks to improve their current software ecosystem. These measures can only work in the short-term, so we’re hoping that major security overhauls happen in due course.
(Source: Economic Times)
(The Quint is now available on Telegram. For handpicked stories every day, subscribe to us on Telegram)