US Edition
Home  |  Settings  |  Marketing Options  |  eNewsletters  |  About Us  |  FAQs    Join on LinkedIn
Unique perspectives

Integrated Systems - News

How Windows 10 enhances ATM security by protecting against cyber attacks
Techniques for migrating to Windows 7 can also be used to migrate to Windows 10

Speaking at ATM Security 2015 in London, Pat Telford, principal consultant at Microsoft Canada, summarised the software threats to ATMs and the features to combat them when migrating to Windows 10.

ATM security is compromised by physical attacks on the cash, physical attacks on the card, replacement of the ATM computer (black box), and malware attack (where normally a person visits the ATM and adds malware).

According to Telford, there are certain immutable laws of ATM Security:

  • If a bad guy can alter the operating system on the ATM, it’s not your ATM any more
  • If a bad guy has unrestricted physical access to the ATM, it’s not your ATM any more
  • If you allow a bad guy to upload programs to the ATM, it’s not your ATM any more
  • If a bad guy can persuade you to run his programme on your ATM, it’s not your ATM any more.

So what can you do to prevent these situations? There are plenty of physical defences including ATM location planning, ink and anti-skimming. Trusted devices can help against computer replacement/black box, says Telford. There is also layered defence-in-depth software security (firewall, whitelisting, and reducing the number of administrators).

Why are ATMs moving away from Windows XP?

The answer is because they have to. Windows 10 offers in-box security enhancements, a long support lifecycle and a long-term servicing model, says Telford, and has the same hardware requirements as Windows 7.

The key defence in Windows 10 is Device Guard, which enables a computer to be locked down to only run trusted applications – a virtual “machine” oversees security. If a piece of code is not signed by Microsoft or the user, it will not run. It is also resistant to tampering by an administrator or by malware.

In a situation of malware against Device Guard, a trusted system is used to mediate whether apps can run and you cannot boot from an alternate OS. It’s a similar system to an iPhone, for which you can only get signed software from the Apple Store, says Telford.

In summary, Windows 10 is not available yet as an OS from the major ATM vendors, but it’s an appealing platform. The servicing model includes continuous releases but with long-term branches for ATMs. To take advantage of Device Guard, you may need new hardware features on the ATM PC. Finally, techniques for migrating to Windows 7 can also be used to migrate to Windows 10.

Latest in

See privacy and cookie policy
Browsing from the Americas? Looking for US Edition?
View this content on US Edition, our dedicated portal for our Americas audience.
Do not show me this again
International EditionUS Edition