back to article Want to hack a hole-in-the-wall cash machine for free dosh? It's as easy as Windows XP

ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. This according to researchers at Positive Technologies, who studied more than two dozen different models of ATMs and found (PDF) nearly all would be vulnerable to network or local access attacks that would …

  1. Anonymous Coward
    Anonymous Coward

    Absolute security does not exist, enough time and resources and any security is vulernable

    That direct access to ATM hardware makes it's easier to bypass security measures goes without saying, atm manufactorers need a reliable way to spot the compromised ones when they are returned to service, more than they need more evidence that once the ATM is out of their control that it is vulnerable.

  2. iron Silver badge

    > banks take to take a dim view of customers handing out at ATMs for longer than a few minutes

    Banks sure but what about all those ATMs sitting by themselves in a shop or service station? Or those many locations where the bank closed the branch but left a machine so customers still had some access to their money? Without trying I can think of several local ATMs that are not built into a wall, have no one watching them and no CCTV except for any camera built into the ATM itself.

    1. imanidiot Silver badge

      The ones not built into a wall are usually bolted to the floor. When it comes to access to compromise a machine I think the wall mounted units are actually more vulnerable as they usually have an enclosed backroom for access while filling the machine. The front is usually entirely sealed, but that backroom can be accessed by bribing the right sales clerk or shop owner, who probably also has access to the video recording equipment to accidentally switch it off or spill some coffee a day ahead of the attack. And once the attacker is in the backroom he is out of view and can do his nefarious deeds undisturbed. Hanging around in public is usually more visible. Though the blatant "put on a polo shirt with the banks logo, walk in and put up some barriers, open the machine and get to work" approach will probably also work. People are surprisingly unquestioning if you wear a correct looking outfit and act like what you are doing is completely normal.

      1. phuzz Silver badge
        Coat

        People are surprisingly unquestioning if you wear a correct looking outfit and act like what you are doing is completely normal.

        Leading to the counter-intuitive situation where a high-vis jacket makes you invisible.

        1. Anonymous Coward
          Anonymous Coward

          hence why visually profiling people doesn't work. its an idea that makes sense to the public who visualise thieves in masks, stripy tops and swag bags, or terrorists in beards, keffayahs and turbans.

          the politicians and security services realised long time that 90% of security theatre is perception management. it doesnt matter if people are robbed or hurt as long as they *feel* safe. and rather strangely, its worse when people *feel* unsafe than when they're *actually* unsafe.

          hence, the shepherd is there to watch the sheep, and cares little about the wolves.

        2. jake Silver badge

          Not really.

          "Leading to the counter-intuitive situation where a high-vis jacket makes you invisible."

          It's not counter-intuitive at all. It's called "camouflage", or, if you prefer, "blending in with your surroundings". What works in the Sahara doesn't necessarily work in the Arctic and vice versa. The trick is to make your mark look past you instead of at you. See the predominance of cheap suits in middle management for a good example ... the wearers are all nameless and faceless, and they like it that way.

          1. phuzz Silver badge

            Re: Not really.

            You're right, 'counter-intuitive' is the wrong choice of words. Perhaps I should have said that it's literally wrong (but figuratively correct)?

        3. Criggie
          Pirate

          As a cyclist, you're not wrong.

  3. Anonymous Coward
    Anonymous Coward

    As far a I can see, all of the attacks mentioned require access to the hardware, so that immediately limits the actual risk of these exploits taking place.

    Criminals either need to remove the device to a place where they can work on it undisturbed, or somehow gain access without being seen.

    Any computer, of any description, is vulnerable if you can start plugging things into ports, or nicking the hard-drive.

    And they are probably NOT running Windows XP. Instead they are likely to be running Windows XP Embedded or Windows Embedded Standard 2009, which is still under extended support, and both of which have much less attack area than vanilla XP.

    1. Halfmad

      You'll need access to the hardware in order to pick up the cash anyway so you'd be nearby regardless.

      "we need to be physically near" isn't really a get out when these can be placed in quiet shopping centre areas, sides of petrol stations, closed back branches etc.

      1. Danny 14

        a few small banks have their ATMs inside, at night a card swipe lets you into a small foyer where the atm is accessible.

        Our local spar has an ATM and a spotty oik manning the till at 11pm

        1. sanmigueelbeer
          Happy

          at night a card swipe lets you into a small foyer where the atm is accessible.

          A few years ago the big banks (Australia) were caught out when it was exposed that the swipe access works with ANYTHING. Swiping a hotel room key, for instance, or a train/bus ticket and the door opens just like Aladdin's cave. Fun times that was.

          1. entfe001

            A few years ago the big banks (Australia) were caught out when it was exposed that the swipe access works with ANYTHING.

            Same here in Spain: the "swipe access" is nothing more than a little button embedded into a credit card sized slot that, when triggered, unlocks the door. Any solid object which can fit this slot can open any of these doors: travelcards, business cards, even a paperclip if you know where to poke (and if not, just keep poking around and you'll eventually hit it).

            This has been that way for ages and nobody cares. This easy access is useful for homeless people to spend the night, to the point that it is virtually impossible to find an indoor ATM at night without a tenant. Mind you, unemployment and housing prices are still a huge problem here despite the "we're out of the crisis" official statements.

        2. Anonymous Coward
          Anonymous Coward

          "a few small banks have their ATMs inside, at night a card swipe lets you into a small foyer where the atm is accessible."

          Midland (before they became HSBC) had a setup like that in the middle of Bristol 20-ish years ago. I knew someone who worked in that branch and he once explained how it was always amusing on a Monday morning to go through the CCTV footage from Friday/Saturday night to see what the people who met up in a club/bar that night and thought they'd found a "private-ish" place to take their relationships to the next level ... apparently this was a very regular occurence!

    2. caffeine addict

      And they are probably NOT running Windows XP. Instead they are likely to be running Windows XP Embedded or Windows Embedded Standard 2009, which is still under extended support, and both of which have much less attack area than vanilla XP.

      Came here to say the exact same thing. I'd expect that kind of cockup from the Daily Mail not El Reg...

    3. Andy Humphreys

      XP Version

      The NCR machine here at the Tesco Superstore up the road from the office, shows Windows XP Professional, copyright 1983-2001! When I took the picture of the machine last June, it was in a state of shutdown, but frozen up..

      Whether embedded or not, to any customer who has been spoon fed the risks of staying with XP, it then doesn't look that brilliant..

      1. Anonymous Coward
        Anonymous Coward

        Re: XP Version

        XP embedded shows professional logos. There are no embedded logos.

        For numpties like the "experts" that wrote the clickbait ba

        garbage, XP Embedded has a lower attack surface that XP, depending on how it's configured, slightly lower, or massively lower.

        I have made a 90mb XPe runtime image, with a read-only file system (writes are filtered). Its likely more secure than Windows 10.

    4. Captain Scarlet Silver badge

      all of the attacks mentioned require access to the hardware

      A lot of attacks reported near where I live extract the machines with stolen diggers (So being near a building site immediatly increases the actual risk greatly), none with the explsoives have been used around here yet.

      1. Flywheel

        Re: all of the attacks mentioned require access to the hardware

        Explosives you say?

        Round our way they tend to use compressed air - to literally blow the ATM out of the wall. It's a lot easier to find a compressor lying around than dynamite ...

      2. Peter2 Silver badge

        Re: all of the attacks mentioned require access to the hardware

        none with the explosives have been used around here yet.

        Blowing up an ATM with explosives is dangerous, wakes everybody within miles and attracts attention, which leads to photographs etc, plus produces such a huge outcry that the police are obliged to exhaustively investigate any lead going. Explosives are also very tightly regulated and thus highly traceable.

        Ramming a digger into the ATM and driving off with it, sticking the ATM in a makeshift farraday cage (one assumes they have a tracking device) while you blowtorch it open is relatively easy in that all you need is a digger and it also doesn't attract much attention from the public, or from the police.

        1. jake Silver badge

          Re: all of the attacks mentioned require access to the hardware

          "Explosives are also very tightly regulated and thus highly traceable."

          Horse hockey.

          Anybody with a basic knowledge of chemistry can easily make explosives powerful enough for this kind of shenanigans with nothing more than the contents of the average urban house.

          Yes, even in Blighty.

    5. Anonymous Coward
      Anonymous Coward

      Not the network port attacks

      All you need is physical access to the twisted pair connected to its port - if a convenience store had an ATM connected in that way it would probably be pretty easy - many of them will have wiring run in a suspended ceiling which would be trivial to access from a restroom.

      Just cut the cable, attach connectors to both ends, and connect it to a wifi router with a battery. Then you can replace the ceiling tile, hack the ATM at your leisure from the parking lot over wifi, and when you are ready to trigger the "dispense all cash" command you have a couple conspirators go inside and distract the cashier so he isn't watching when the ATM spits out $10,000. They probably wouldn't figure it how it happened, so you'd be able to return later, swap the battery, and do it again!

      Many ATMs use cellular, I wonder if the network port attacks could be done against that either by splicing into the antenna wire (since the antenna is often just sitting on top with a wire running inside the ATM) or by getting it to connect to a fake base station.

    6. Ian Johnston Silver badge

      As far a I can see, all of the attacks mentioned require access to the hardware, so that immediately limits the actual risk of these exploits taking place.

      What's more, getting at the hardware to hack it invariably means getting into the same security casing which protects the cash store. Who busts open a safe - effectively - and then spends ten minutes to an hour hacking the computer inside rather than simply removing the drawer full of cash and scarpering?

      1. silks

        The cash safe is much more hardened and separate than the PC gubbins that controls the ATM.

        1. Ian Johnston Silver badge

          The cash safe is much more hardened and separate than the PC gubbins that controls the ATM.

          Having watched the things being refilled in banks, the PC seems to be inside the same safe which protects the money. I suppose the miniature freestanding ones you find in shops might do it differently, though.

    7. Anonymous Coward
      Anonymous Coward

      I can assure you from first hand experience that certain rather large banks are still running NT4 on ATM's let alone XP. OS/2 was prevalent until very recently!

      But yes, the real issue is access in the first place. Prevent physical access and 99% of these attack vectors go away. The exception, and the far more plausible one, would be for someone with access other areas of a banks network to direct attacks to the ATM.

      The inside job, supported by insider info is far more plausible a threat.

    8. Anonymous Coward
      Anonymous Coward

      Will criminals actually bother with all this?

      It's nice that someone's thinking about the IT side of ATM vulnerabilities, but i can't see criminals bothering with gaining physical access to LAN ports, etc and working out how to hack the machine to dispense the cash. They seem to have worked out quite serviceable low-tech methods of doing this already, using JCBs, gas canisters, or even just a Land Rover with a steel cable.

    9. Mongrel

      "As far a I can see, all of the attacks mentioned require access to the hardware, so that immediately limits the actual risk of these exploits taking place."

      Go have a poke around the Deviant Ollams YouTube channel, here's a good start https://www.youtube.com/watch?v=a9b9IYqsb_U&t=31s .

      He, convincingly, demonstrates just how many things that should be kept secure are not - often laughably so. Here he is opening a banks vestibule door with a mouthful of whiskey https://www.youtube.com/watch?v=SDl4AO4ancI

      So just cover the camera and use the manufacturer key\spend 20 seconds picking the lock and you have access to the hardware. Do this late at night and there's a pretty good chance you'll be undisturbed for 10 minutes.

    10. steviebuk Silver badge

      Or get a job repairing the ATM's. The companies that normally do this don't seem to give a shit. Like a past friend I knew had to go to a none working ATM for a fix. When he got there is was all taped off with police as it had been raided. Calling back to base to inform said knob head boss he was told "I don't care if the police are there, go and fix it.".

  4. Josco

    Physical access is quite easy

    A few years ago I had a temp job changing the signage on a certain banks network of ATMs. This required me to have unfettered access to the machines and all work was carried out during opening hours. Rarely was I questioned about what I was doing by members of staff, and there was never any check that I was certified to carry out the work and no ID was ever requested. On external machines I would await my turn to access the ATM with members of the public in the queue and then proceed to attack the machine with various tools to remove its outer coverings. No one questioned me, not even the two coppers who passed on one occasion.

    I have to say that at no point was I able to actually connect to the inner workings because I had neither the knowledge or the tools, but I doubt any one would have said anything even if I had.

    Amazing what a Hi-Vis vest can do.

    1. A Non e-mouse Silver badge

      Re: Physical access is quite easy

      Amazing what a Hi-Vis vest can do.

      There are numerous studies about how if you look like you know what you're doing you're very unlikely to be challenged. Milgram is a good (and scary!) starting point on this.

      1. caffeine addict

        Re: Physical access is quite easy

        Many years ago (mid 70s maybe) my father ended up trapped airside at Heathrow pretty much by accident because he was holding a clipboard and people kept holding doors open for him... :/

      2. Anonymous Coward
        Anonymous Coward

        Re: Physical access is quite easy

        Milgram is scary alright, but more for the damage it has done to the reputation of social psychology than anything else. Unfortunately, his write up of the experiment seems to have very little resemblance to what actually happened.

        1. Anonymous Coward
          Anonymous Coward

          Re: Physical access is quite easy

          Milgram is scary alright, but more for the damage it has done to the reputation of social psychology than anything else

          On the contrary, his work helped to establish that social psychology is junk science. We should be grateful to him for making it so obvious.

          1. jake Silver badge

            Re: Physical access is quite easy

            "his work helped to establish that social psychology is junk science."

            Yeahbut ... since when did proving anything to be "junk science" ever prevent TheGreatUnwashed from believing it to be absolutely true?

          2. Anonymous Coward
            Anonymous Coward

            Re: Physical access is quite easy

            We should be grateful to him for making it so obvious.

            I'd say I thought it was about as plainly obvious as you can get.

            But then I remember that psychologists still get to make policy and all sorts of things.

            A family member of mine got involved in some legal shenanigans. psych involved in report writing told us that we could challenge anything factual that was wrong in their report, but anything that was part of the opinion would not change. That alone proves that their reports are not, in any sense, based on fact but merely opinion. Yet even if the factual basis of their opinion can be shown to be wrong[1], their opinions still carry enough weight to have far-reaching and life-changing consequences for their victims and the families of their victims. But there is seldom any chance to take action against said psychologist because 'they merely presented an opinion based on their experience and training'.

            If ever there was just-cause for a death penalty.............

            [1] "Your honour, in my opinion he's a dangerous murdered who will commit further crimes because he confessed to several murders during out sessions".

            'Actually no, I did not confess anything of the sort!'

            "You're right, my mistake. I confused you with someone else. Your honour, in my opinion he's a dangerous murderer who will commit further crimes despite no evidence of such ever having been presented to me"

            "'"Very well. The psychologist's report says you're dangerous, so I'm going to rule that you be committed to a secure facility, without appeal or recourse, despite the fact that there is not one shred of evidence outside of this opinion that you're dangerous. The evidence is incontrovertible. The psychologist speaks, therefore it must be. "'"

            [Not my familty's experience, BUT stuff that I understand has actually happened in several places - paraphrased]

    2. jake Silver badge

      Re: Physical access is quite easy

      "Amazing what a Hi-Vis vest can do."

      Indeed. Add a hard hat, white van, well-used tool belt and a clipboard and you can get away with almost anything.

    3. Shadow Systems

      Re: Physical access is quite easy

      At Josco, re: a HighViz Vest.

      Back when I used to be a YardDuty & Crossing Guard at my son's elementary school, I wore a HVV as part of safety. I already had one of my own, but the school provided one as well.

      I was coming home one early evening when an accident happened to some cars ahead of me on the motorway. Viz was shite, a fog was building, & I feared that other drivers might worsen the situation by adding themselves to the scene. So I pulled over into a nearby parking lot, put on my HVV, grabbed my (6 D cell) MagLite, & walked to the accident scene. I started directing traffic around the scene, just one arm pointed into the parking lot & the other waving the flashlight in a "Go that way" fashion, & traffic started to do as I directed. I kept it up until an actual policeman showed up & thanked me for the assist. As I tipped my hat & was about to leave he asked me what department I was with.

      "I'm not. I'm a civilian. I just didn't want your job to get any harder before you got here."

      Long story short, he ended up buying me a pint in gratitude & I wound up joining the Policeman's Bowling League... All because I owned a HVV & used it to good intent.

      You can do very good & very bad things with a HVV, a clipboard, & a flashlight. If you have a HVV hard hat & a fat walkie talkie (so you look like a construction site foreman) then you can REALLY make things happen. It's all in what you intend & how you go about it.

      1. Sceptic Tank Silver badge
        Stop

        Re: Physical access is quite easy

        @Shadow Systems

        The trouble with directing traffic like that is that you are not an authorised person, and you may personally be held liable for damages if an accident happens.

        1. jake Silver badge

          Re: Physical access is quite easy

          On the other hand, you may be personally held liable for damages it it comes out that you were capable of directing traffic but chose not to and an accident occured ... negligence as a legal term can be used for some very ugly things.

      2. Rich 11

        Re: Physical access is quite easy

        & I wound up joining the Policeman's Bowling League

        A better choice than the Policy Rugby Team. You spend every Sunday feeling like you've been thrown down the custody suite stairs, twice.

        1. Rich 11

          Re: Physical access is quite easy

          Policy Rugby Team

          Damn you, Autocorrupt! Damn you all to hell!

      3. Anonymous Coward
        Anonymous Coward

        Re: Physical access is quite easy

        "I'm not. I'm a civilian. I just didn't want your job to get any harder before you got here."

        I've had both sides of cops while doing that. Most have been grateful and a few have asked me to stay on so they can do more important stuff till backup arrives, but in one case where I was directing traffic away from a very bad accident I was actually threatened with arrest by the first attending officer. He wasn't even going to go look at the scene till he'd dealt with me. A higher-up who showed up a few minutes later spoke to us, and told the junior he'd watch me while the junior went on to survey the accident scene. Suffice to say I was soon very much thanked by the higher up and the junior got a telling off.

        Interfere in police work at your peril in many jurisdictions, even if your "interference" has a chance of saving lives.

    4. Anonymous Coward
      Anonymous Coward

      Re: Physical access is quite easy

      Amazing what a Hi-Vis vest can do

      Many years ago I routinely used a white lab coat to access Universities, Hospitals, and Research labs - never had a single problem.

  5. steelpillow Silver badge
    Mushroom

    eXperience Points? hahaha

    My local bank's ATM was attempting to restart XP when I happened to be passing a few days ago. One of the Big [However Many are Left].

    Just one example of how banking IT security is still an utter shambles.

  6. Locky

    These black hat hacks are all well and good, but the Lincolnshire ne'er-do-wells prefer a more.... brute force attack

    1. caffeine addict

      There's nothing special about Lincolnshire. It's basically your good old fashioned ram-raiding.

      Round my parts they prefer Landies and JCBs to smash the wall or the front door, then a Subaru to scarper with it. Earlier in the year they hit three local Aldi's on three consecutive nights...

      The other one I've heard is basically filling the machine with gas, although I don't recall if that's to use the gas pressure directly or to ignite it and blast the things open.

      1. A.P. Veening Silver badge

        Gas filling

        Ignite and blast, gas pressure itself is insufficient as those things leak worth than sieves, which is just what you like for a nice fuel-air explosion.

      2. Anonymous Coward
        Anonymous Coward

        But in Lincolnshire they do it in style.

        On the second ram raid around here, they took the forklift into the old listed building, taking out 1 of the 3 cash machines in the village out... then when they police turned up, in force, from the local town... turns out it was a distraction, and they then hit the bigger cash machine in said local town that had no police cars left in it to respond. XD

  7. fidodogbreath

    "ATM machine"

    Is that where you enter your Personal Identification Number number?

    1. Borg.King

      Re: "ATM machine"

      Is that where you enter your Personal Identification Number number?

      Then you can get your hands on all that cash money.

    2. Goldmember

      Re: "ATM machine"

      Believe it or not, earlier this year I got a letter from Natwest which stated that the "PIN Number" for my new card was on its way.

      It seems the term has become de facto (or maybe they got the intern to write the letters that week).

    3. JBFromOZ

      Re: "ATM machine"

      at last... someone asking the IMPORTANT questions

  8. arctic_haze

    The banks don't care

    It is peanuts for them and they are most probably insured, anyway.

    1. Glen 1

      Re: The banks don't care

      Re: insurance

      It is the insurer's job to not pay out if they legally can.

      "Did you know about these faults"

      Comes under the same heading as

      "Did you give anyone else your pin"

      And

      "Did you pack these bags yourself"

      1. Ken Moorhouse Silver badge

        Re: insurance

        I used to use the automatic deposit machines in bank branches to deposit cheques.

        Until...

        I got a letter from the bank asking me to check whether deposits I had made on a specific date had appeared as such in my account. They hadn't, so I rang the bank to ask why not. Turns out that the bank had been robbed that day after my visit.

        I was told to contact the payees and get them to send me the cheques again. "Are you kidding? It took a lot of effort to get one or two of those customers to write those cheques out the first time, let alone again."

        "Surely you are insured against this kind of thing, in any case?"

        Apparently not, or that was what I was told.

        In the end they compromised by agreeing to write to my customers on my behalf.

        After that experience: no more using the automated deposit machines.

        (I did succumb once, since then, queuing up one day I was persuaded to use one of their super-duper new machines which printed images of the payments onto the receipt slip which proves the deposit has been made. How could they possibly get that wrong?

        Would you believe it but the slip I received showed the deposit had been made at a different branch to the one I was in?! There was a day's delay before that credit appeared on my account - which I complained about).

        1. Roland6 Silver badge

          Re: insurance

          >"Surely you are insured against this kind of thing, in any case?"

          Apparently not, or that was what I was told.

          Makes sense, given the banks are also insurance brokers.

          What is the likelihood of an ATM being attacked and if it is compromised: how long before someone (at the bank) spots it, what is the potential loss and who's loss is it?

          1. whileI'mhere

            Re: insurance

            "Makes sense, given the banks are also insurance brokers."

            No. No it does not. Brokers are agents - they sell insurance but do not write it. They do not underwrite or carry third party risk. Conversely, for many risks that you might assume they would insure against, they may choose to self-insure (i.e. just take the risk and suffer the loss). The fact that banks sell some forms of insurance to customers has no link to why they may or may not be insured by a insurer for acts of theft or criminal damage.

        2. ICPurvis47
          FAIL

          Re: insurance

          Soon after we were married, and were very hard up, we went to the local supermarket (Bishop's) and bought the absolute minimum amount of food to get us through. The checkout came to £10 approximately, so I wrote a cheque and we took our shopping back to the car park and thence home. A few days later, I received a letter from Bishop's telling me that they had been robbed, and that my cheque was in the cash bag that had been stolen. They then asked me to re-issue the cheque to cover their loss. I replied that I would not do so, as I had completed the transaction in good faith, and that I was not responsible for what they did (or did not do) with that cheque subsequently. I posed the question that, if I had been mugged in the car park, and our £10 worth of groceries had been stolen, would they have expected to allow me to replace those stolen goods for free? I think not. The cheque was never presented, and we never heard any more about the matter. My only regret was that it was only £10, if I had known, I would have kited a lot more.

  9. entfe001

    About the article picture...

    This does not look like an ATM at all. It actually is identical to a Barcelona tramway ticket machine. I would even dare to say the picture was taken at Wellington tram stop.

    1. Ken Moorhouse Silver badge

      Re: the picture was taken at Wellington tram stop.

      That machine is notorious for taking a long time to boot up.

  10. TheWeddingPhotographer

    Same story different year

    The real eye opener is that this is not new news

    It's the same for lots of critical systems... hospital scanners etc etc

  11. HWwiz

    Physical security.

    I work in UK banking, and yes almost all cash machines in the UK that are major bank operated are still generally Windows XP embedded.

    They have no internet connection, and they are not generally permanently pinned up. They all use ISDN2e to call up huge arrays of modems generally in Banking DC's.

    They only real way to crack them is physically via a USB attack or such like. So you need to gain access to the unit within the locked cage itself.

    Also lots of people mentioning NHS computers. Ive also done alot of NHS work in the past, and again "Generally" the machines that are still running XP are on nhs.net which is an internal mpls network which does not have any external access. Only the internal nhs.net Intranet.

  12. spold Silver badge

    Combined attack

    Other than hacking the machine and convincing it to spew spondooly, then a physical attack might be simpler. However (and I've no idea if it is connected) anything you could do to disable any dye pack trigger would also be great. Then you can just hack it with a pickaxe or something.

  13. Anonymous Coward
    Anonymous Coward

    They never should have abandoned OS/2

    1. jake Silver badge

      Who is "they", Kemosabe?

      "We" haven't abandoned OS/2. See http://www.ecomstation.com and/or https://www.arcanoae.com/ for more.

    2. silks

      Security by obscurity there! #OS/2

  14. Richard Lloyd

    Knock once for reboot...

    The coin deposit machine in my local HSBC branch runs XP - I know because it spectacularly crashed with virus-like red stripes on the screen just as it finishing totalling my coin deposit (luckily, I got the receipt just as it died completely).

    An assistant knocked once on the wall and the machine rebooted with the XP logo in clear view. Yes, I initially thought they'd cleverly installed a reset switch in the wall, but it turns out that there was a back office behind the wall and when someone knocks on the wall, a human operator does a reboot (probably a power cycle?) because it obviously crashes so often.

  15. NiceCuppaTea

    First sentence pissed me off more than it should

    ATM Machine? WTF that's almost as bad as PIN Number.

    Automated teller Machine Machine and Personal Identification Number Number

    grrrrr....... that is all.

    1. Martin 59

      Re: First sentence pissed me off more than it should

      It's called RAS syndrome, if it gives you a headache I recommend some NSAID drugs.

  16. Christian Berger

    One has to consider that such systems are somewhat different in the US

    In Europe one central idea is to have the computer itself inside physical protection, so you shouldn't be able to get to any ports.

    1. jake Silver badge

      Re: One has to consider that such systems are somewhat different in the US

      And that's different from the boxes in the US ... how, exactly?

  17. Ken Moorhouse Silver badge

    Secure boxes

    I got involved in the building and commissioning of a jewellery store some years ago. I happened to be on site when the display cases arrived. The builders were saying "FFS be careful, don't want any dents in these!" The member of staff showing me around smiled and said he thought there wasn't much chance of that happening as they were designed to withstand an armed robbery.

  18. Obesrver1
    Holmes

    Thieves don't care...

    they just: ~

    # Pump in some gas then ignite it and it blows the ATM out of the wall;

    # Tie a rope around it and then to their 4WD four wheel drive and rip it out dragging it from the shopping mall;

    # Stick a false front on it and collect your pin and card info then rip off your & other peoples money in the accounts;

    #.......

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like