With only a few months left until Microsoft support for Windows XP officially expires, almost all bank ATMs still rely on the archaic OS.

There are only 70 days left until Microsoft support for Windows XP expires. While that deadline seems ominously close now, it shouldn’t come as a surprise. The OS is ancient, and Microsoft announced the intent to end support for Windows XP last April, so it’s hard to fathom why 95 percent of the ATMs in the world still run Windows XP, and why banks haven’t made it a higher priority to upgrade.

At the 2010 Black Hat conference in Las Vegas, the late security researcher Barnaby Jack famously demonstrated how to exploit an ATM and cause it to spit out cash as if you’d hit the jackpot. Hacking an ATM may soon be much easier when Microsoft support for Windows XP expires in April, because almost all of the ATMs still run Windows XP and Microsoft will no longer be issuing updates or security patches for the OS.

Microsoft is offering continued support for a fee, and apparently major banks plan to take advantage of that service to make up for the fact that they’re so far behind the curve. JP Morgan is reportedly buying a one-year extension of support from Microsoft and will begin converting its 19,000 ATMs to Windows 7 in July.

For customers, there probably will not be any significant increase in risk when using ATMs from major banks. Those institutions generally have better security in the first place, and they’ll most likely follow JP Morgan’s lead and purchase extended support from Microsoft to mitigate the risk while they catch up on upgrading their machines.

You might want to avoid the independent standalone ATMs that you typically find at gas stations and small “mom & pop” shops, though. There’s a reasonable chance that the owners of those machines don’t even realize they use Windows XP, and that they’re not aware of the impending doomsday when support for Windows XP expires and open season for cybercriminals begins.
For the most part, though, it’s not the customers who need to be concerned as much as the ATM owners. While it may be possible for an attacker to inject malware that might capture sensitive data and customer PINs, the greater risk is that an attacker could circumvent the system and cause the machine to spit out cash as Barnaby Jack demonstrated in 2010.

ATMs are just the tip of the iceberg, though. There are many kiosk and embedded systems that still run Windows XP, and things could get very interesting once Microsoft stops developing patches.