Windows to Power ATMs in 2005š
By Elisa Batista
Story location: http://www.wired.com/news/technology/0,1282,60497,00.html
02:00 AM Sep. 19, 2003 PT
Within three years, most bank machines that dispense cash will run on the
Windows operating system, according to a study published last week.
By 2005, 65 percent of bank ATMs (not including free-standing machines in
places like convenience stores and casinos) in the United States will use a
stripped-down version of Windows. About 12 percent of the machines will use
the operating system by the end of this year, according to Gwenn Bezard, an
analyst at market researcher Celent .
Bezard asked 20 of the top 60 banks in the country about their plans to
upgrade ATMs. He also interviewed the top 10 ATM manufacturers and software
He concluded the banking industry is ready to scrap IBM's OS/2 operating
system, which powers most ATMs today. They would prefer Windows, a platform
they consider "open" in that it is compatible with their internal corporate
networks. Also, it's so ubiquitous that they can add features to all their
ATMs without having to write multiple pieces of code for different machines.
"Because we are seeing so many mergers and acquisitions in the last few
years, you have large banks running a fleet of ATM hardware," Bezard said.
"With open technologies it is easier to run different types of hardware on
the same software."
While the infamous blue screen of death may haunt many desktop computer
users, the banking industry and security experts dismiss the fear that
someone will break into Windows-powered ATMs to empty bank accounts. For
one, the ATMs will use a stripped-down version of Windows NT that is quite
different from the software on desktop computers.
"What Microsoft actually sells to the banks for ATM use is a cut-down
version of Windows that doesn't contain things like Web servers," said Ross
Anderson, a researcher in Cambridge, England, and author of Security
Engineering ."They have tried to cut out the unnecessary rubbish that
clutters up the typical PC. How good a job they've done, I just don't
know.... So we definitely can't rule out the possibility that someone in
the future writes a Slammer-style worm that causes thousands of ATMs to
start spewing out cash."
But one of Anderson's colleagues, Bruce Schneier, chief technology officer
at security monitoring and consulting company Counterpane Internet Security
, dismissed this scenario. He pointed out that the machines would not
operate online and therefore would not become vulnerable to a malicious
Internet attack or to some virus passed around in an e-mail attachment.
Because the machines have no peripherals like floppy disks, it would be
difficult for a cracker to install code or steal information.
Indeed, the reason bank robbers still tend not to focus on ATMs to do their
dirty work is that ATMs have almost never fallen prey to malicious hacking.
Roughly $1 trillion of ATM withdrawals will take place this year, with
losses of only $15 million. The losses are largely attributed to fraud --
stolen ATM cards or greedy bank insiders in charge of restocking the
machines with cash, according to Dove Consulting .
"When you think about an ATM machine, it is basically a vault," Schneier
said. "There is inherent security there."
ATMs running on Windows can be customized to become moneymakers for banks,
which can program them for advertisements or to vend services like tickets.
Even though Celent's Bezard said most banks would not offer advanced
features on their revamped ATMs, machine manufacturers such as NCR envision
a future in which the machines not only dispense cash, but also lottery
tickets and soft drinks.
"Financial institutions will experiment with those functions," said Steve
Risto, a director at NCR. "Some will win."
And all those features, of course, will run on Windows.
"Obviously we understood the limitations of Windows in regard to ...
security and addressed these issues during the ... implementation," said
Karl Felsen, spokesman for Fleet Bank, the seventh-largest U.S. bank.
"A Windows platform will give us more flexibility and opportunity for
future enhancements," said Julie Davis, spokeswoman for Bank of America,
the biggest U.S. bank. "The Windows platform allows us to put even better
protections in place. However, we won't discuss the details of our security
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]