Continued use of obsolete systems led to recent ATM hacks


KUALA LUMPUR: The spate of Automated Teller Machines (ATM) hacks last month were due to financial institutions' continued use of obsolete operating systems and lack of "penetration testing", opined an IT security consultant.

Jacco Van Tuijl, who conducts penetration testing (sanctioned hacking into systems to determine their vulnerability to attacks) for banks in the Netherlands, pointed out that many ATMs still use the now-obsolete, 13-year-old Windows XP operating system.

This leaves systems and ATMs vulnerable to hacking attacks as Microsoft has since stopped providing support and security updates to the operating system.

Van Tuijl said banks and financial institutions should update their operating software to a current, supported version to avoid being victims of hackers.

"It would be tough to protect against any kind of malware. Every day, new vulnerabilities are published," he told The Star Online at the Hack in The Box security conference recently.

"You can't have a machine and leave it without doing proper patching," he said, pointing out that Microsoft, for example, released security patches for its products every Tuesday.

Another IT security consultant, Dr Stefano Zanero, said that the recent ATM hacking cases showed the importance of physical security of the ATMs, as the incidents showed the how easily the machines were tampered with.

He said this sort of defect would have been detected if the banks had hired penetration testers to test out their systems.

"The ATM is basically a computer. We have conducted penetration tests and were able to access USB ports inside of ATMs by cutting through the metal.

"While network security is important, so is physical security," said Dr Zanero.

Last month, a gang exploited flaws in the authentication process to hack into at least 14 ATMs in Selangor, Johor and Malacca, and got away with almost RM3mil.

Police said the suspects hacked the machines by inserting a disc into the ATMs' CD-ROMs that would then infect the machines with a virus or malware.

The ATMs are believed to have been using the Windows XP system.

Van Tuijl said the gang would have had physical access to an ATM to test their malware.

"Software and malware development is about trial and error. It would have taken a lot of testing," he said.

He added that the gang would have been well-organised, comprising people with various skill sets.

Dr Zanero said that the attacks against ATMs was not specific to Malaysia and occurred in other parts of the world as well.

He said that similar cases were recorded in Russia and Middle East recently.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
ATM hack , Banking , Security , Operating systems

Next In Nation

Shah Alam Line: Govt to seek audience with Selangor Ruler to provide explanation, says Transport Minister
Fire razes four shoplots in Penang's Jalan Perak
Govt offers 10% home purchase discount during Asean Real Estate Conference 2026
Johor Polls: Muhyiddin warns low Malay voter turnout could determine election outcome
Johor Polls: Fahmi cautions voters over digital sabotage, fake accounts
Malaysia assures Belgium that South China Sea will remain open
Malaysia seeks stronger, forward-looking partnership with New Zealand, says High Commissioner
Lorry driver, assistant killed after crashing into stalled car in Kulai
Johor Polls: Come home to vote, says Fahmi
Johor polls: Indian community's votes key for Pakatan victory, says Gunaraj

Others Also Read