KUALA LUMPUR, Oct 1 ― Banks could be exposing their automated teller machines (ATM) to cyber attacks if the machines are still running on the Windows XP operating system, says techie Farhan Gazi.

He said Windows XP was now outdated, and its developer Microsoft had announced it had ended support for the operating system beginning April this year.

“If the machines are using an operating system that is no longer being supported, it will face a lot of threats,” said Gazi, who writes on technology online.

Commenting on the use of SIM cards in the high-tech heist involving Latin Americans, he said: “When the ATM information can be placed in a SIM card, it may fool the machines and the only way to really protect yourself from this is to not use ATMs at all.”

Advertisement

Another method that could be used, he said, is to turn the ATM's user manual against itself.

“All you need is a user manual which can be found online to give the user complete access to the ATMs,” he said.

“A lot of ATM owners don't change the default password and this password is usually in the user manual. Once they enter the default passwords, they can have access as an administrator and do whatever they want.”

Advertisement

On the use of viruses in hacking, web designer Michael Kwan, 29, said a virus could override an ATM's control to release the money.

“After getting to know the story from the newspapers, it seems that the syndicate didn't hack into the user database as they went from ATM to ATM,” he said.

“This means they did not touch anyone's account and directly withdrew money.”

Kwan said the SIM card used likely contained fake information for it to access certain parts of the ATM software.

“As far as I know, the SIM card is a simple interface providing a small database into a system. It tells the machine that you are there, then it prompts you for a password as it doesn't store sensitive data electronically,” said the computer enthusiast.