Stealing ATM Pin codes using thermal imaging
When Windows XP support ends, will ATM cash machines around the world be at risk of cyber attacks? Reuters

Microsoft is pulling support for the old Windows XP operating system from 8 April, in a bid to get consumers to move to newer Windows operating systems, but the decision puts a majority of ATMs at risk of cyber attacks.

Windows XP currently runs on almost 95% of all cash machines around the world as ATMs are designed to last between seven to 15 years.

In the UK, according to The Inquirer, Lloyds Banking Group, HSBC, Santander, Royal Bank of Scotland (RBS) and Santander have decided to pay Microsoft for extended contracts so that their ATMs will still be protected.

In 2012, cybercriminals fitted a keyboard video mouse (KVM) to a computer in a Santander bank branch in southeast London and attempted to divert millions of pounds from the bank remotely.

A Microsoft spokesman said in a statement: "There are certainly large enterprise customers who haven't finished their migrations yet and are purchasing custom support... The cost will depend on both the specific needs of the customer and what support they already have in place, so it's different for every customer."

RBS has signed a three-year deal with Microsoft to give it more time to upgrade its systems to Windows 7, but if RBS updates its systems by 2017, it would only be able to make use of Windows 7 for three years until that operating system reaches the end of its life cycle in 2020.

In theory, Windows XP embedded is actually supported by Microsoft until 2016, but other systems connected to the ATMs run regular Windows XP and will thus be susceptible to cyber attacks.

However not everyone wants to pay Microsoft more money and upgrading an ATM to Windows 7 requires additional hardware upgrades, so some financial firms in other parts of the world are considering moving to Linux.

Linux is a free, open source, operating system, much beloved by software developers for its streamlined, easily customisable software and fast performance. In the US, 30% of all electronic point of sale (POS) cash registers at petrol stations and stores already run on Linux.

"It makes sense to move to a bespoke, but open, platform like Linux - even from a data security sense. Microsoft's Achilles heel is data security," Gray Taylor, executive director of the Petroleum Convenience Alliance for Technology Standards (PCATS) told Computerworld.

"If I were Microsoft, I would have kept XP embedded alive for a few more years, and charged an escalating support fee for it," he said.

"That said, Microsoft has to serve shareholders and continually investing in a dead OS does not make sense."