www.wired.com/news/technology/0,1282,60497,00.html
By 2005, 65 percent of bank ATMs not including free-standing machines in places like convenience stores and casinos in the United States will use a stripped-down version of Windows. About 12 percent of the machines will use the operating system by the end of this year, according to Gwenn Bezard, an analyst at market researcher Celent . Bezard asked 20 of the top 60 banks in the country about their plans to upgrade ATMs. He also interviewed the top 10 ATM manufacturers and software vendors. He concluded the banking industry is ready to scrap IBMs OS/2 operating system, which powers most ATMs today. They would prefer Windows, a platform they consider open in that it is compatible with their internal corporate networks. Also, its so ubiquitous that they can add features to all their ATMs without having to write multiple pieces of code for different machines. Because we are seeing so many mergers and acquisitions in the last few years, you have large banks running a fleet of ATM hardware, Bezard said. With open technologies it is easier to run different types of hardware on the same software. While the infamous blue screen of death may haunt many desktop computer users, the banking industry and security experts dismiss the fear that someone will break into Windows-powered ATMs to empty bank accounts. For one, the ATMs will use a stripped-down version of Windows NT that is quite different from the software on desktop computers. What Microsoft actually sells to the banks for ATM use is a cut-down version of Windows that doesnt contain things like Web servers, said Ross Anderson, a researcher in Cambridge, England, and author of Security Engineering . They have tried to cut out the unnecessary rubbish that clutters up the typical PC.
So we definitely cant rule out the possibility that someone in the future writes a Slammer-style worm that causes thousands of ATMs to start spewing out cash. But one of Andersons colleagues, Bruce Schneier, chief technology officer at security monitoring and consulting company Counterpane Internet Security , dismissed this scenario. He pointed out that the machines would not operate online and therefore would not become vulnerable to a malicious Internet attack or to some virus passed around in an e-mail attachment. Because the machines have no peripherals like floppy disks, it would be difficult for a cracker to install code or steal information. Indeed, the reason bank robbers still tend not to focus on ATMs to do their dirty work is that ATMs have almost never fallen prey to malicious hacking. Roughly $1 trillion of ATM withdrawals will take place this year, with losses of only $15 million. The losses are largely attributed to fraud - stolen ATM cards or greedy bank insiders in charge of restocking the machines with cash, according to Dove Consulting . When you think about an ATM machine, it is basically a vault, Schneier said. ATMs running on Windows can be customized to become moneymakers for banks, which can program them for advertisements or to vend services like tickets. Even though Celents Bezard said most banks would not offer advanced features on their revamped ATMs, machine manufacturers such as NCR envision a future in which the machines not only dispense cash, but also lottery tickets and soft drinks. Financial institutions will experiment with those functions, said Steve Risto, a director at NCR.
|
http://csua.com/feed/