There's really a plethora of operating systems to be found on ATMs. Many older ones are just CICS screens or similar. OS/2 was also very popular, but as mentioned, Windows XP is taking over. In internal penetration tests, it's not uncommon to compromise a Diebold ATM because they often lack patches for common vulnerabilities, such as NetAPI. That's scary, but then again there are a lot of hurdles to clear before you can make this access useful. You have to be on the internal network first, then you have to find a way to read inputted information (I believe pin-pads are encrypted at some point?), etc. Certainly possible, but it's not low hanging fruit -- especially when stand-alone ATMs like Triton and Tranax can often be easily cleaned-out with a pre-paid debit card, the right button combo on the keypad and a default password.
vitaly _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
