Meet The Virtual ATM Skimmers
Just when you thought that you and your ATM card data were safe from criminal eyes, Scientific American brings a different sort of threat. This time, the skimmers are inside the machine. Malware within the ATM itself harvests enough data to do some very bad things.
They've been spotted in the wild in Eastern Europe, and may soon arrive in the US. How do they work?
[The malware] allows a gang member to walk up to an ATM, insert a "trigger" card, and use the machine's receipt printer to produce a list of all the debit card numbers used that day, including their start and expiry dates - and their PINs. Everything needed, in fact, to clone those cards and start emptying bank accounts. In some cases, the malicious software even allows the criminal to eject the machine's banknote storage cassette into the street.
Big deal, the Tenth Doctor did that years ago. (see 30 seconds in)
How does this malware work and remain undetected? It's an innocent-looking Windows program.
...a 50-kilobyte piece of malware disguised as a legitimate Windows program called lsass.exe. In a PC, this helps the Microsoft operating system cache session data - so users don't have to re-enter their passwords every time they get a new email, for example.
This is a clever choice of camouflage, says SpiderLabs' forensics manager Stephen Venter: to an IT staffer, lsass.exe doesn't look out of place in a Windows system, so routine checks wouldn't necessarily pick it up. Yet it has no useful function in an ATM.
Once installed, the malware implements a "card data harvesting" routine, SpiderLabs said in an alert to banks issued at the end of May. When a customer inserts their card, the malware records to hard disc its account number, start date, expiry date and three-digit security code, as well as the PIN entered.
So, a secret invisible program that harvests customer data and controls the ATM. I can't wait!
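As an added defensive illustration (not code from the article or from SpiderLabs), the checks below flag a process that borrows the lsass.exe name but does not match the genuine Windows LSASS: wrong image path, wrong parent, missing Microsoft signature, or more than one instance. The process records, their paths and the pre-computed `signed` flag are constructed assumptions.

```python
# Added example, not from the article: sanity checks for processes named lsass.exe.
# The process table below is constructed; in practice it would come from a
# process listing plus an Authenticode check of each image file.
from dataclasses import dataclass

LEGIT_PATH = r"C:\Windows\System32\lsass.exe"   # the only place real LSASS lives
LEGIT_PARENT = "wininit.exe"                     # real LSASS is started by wininit


@dataclass
class Proc:
    pid: int
    name: str
    path: str     # full image path on disk
    parent: str   # parent process image name
    signed: bool  # assumption: signature already verified as Microsoft's


def suspicious_lsass(procs):
    """Return {pid: [reasons]} for every lsass.exe that fails a sanity check."""
    findings = {}
    lsass = [p for p in procs if p.name.lower() == "lsass.exe"]
    for p in lsass:
        reasons = []
        if p.path.lower() != LEGIT_PATH.lower():
            reasons.append(f"unexpected path {p.path}")
        if p.parent.lower() != LEGIT_PARENT:
            reasons.append(f"unexpected parent {p.parent}")
        if not p.signed:
            reasons.append("image not signed by Microsoft")
        if reasons:
            findings[p.pid] = reasons
    # Only one LSASS should ever run; a second copy is worth a look on its own.
    if len(lsass) > 1:
        for p in lsass:
            findings.setdefault(p.pid, []).append(
                f"{len(lsass)} lsass.exe instances running")
    return findings


# Constructed sample: the genuine LSASS plus an impostor dropped into an
# application directory and launched from the desktop shell.
SAMPLE = [
    Proc(612, "lsass.exe", r"C:\Windows\System32\lsass.exe", "wininit.exe", True),
    Proc(3120, "lsass.exe", r"C:\Program Files\ATMApp\lsass.exe", "explorer.exe", False),
]

if __name__ == "__main__":
    for pid, why in suspicious_lsass(SAMPLE).items():
        print(pid, "; ".join(why))
```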
Cash machines hacked to spew out card details [Scientific American]
(Photo: freedom_frog)
Comments:
@Nick1693: A platform is only as locked down as the person who set it up. Even with OSX, you can easily run a keylogger or one of these programs. Here it's not the OS in use, but how it's set up.
@Hastin: Exactly. A lot of people are confused when it comes to OSX security. It's not that the OS is invulnerable. Far from it. It's just that it holds such a tiny market share that writing malware for it is pretty much pointless. Most businesses (including banks), run on Windows. Since that's where the big money is, that's what the malware is written for. If all these businesses were running OSX, it would be pretty much the same story. The OS is far from invulnerable, even though Apple would like you to think otherwise.
BTW, I use OSX, and I love it.
@YOXIM: I would say that Mac OSes have enough of a market share to make a Malware attack valuable, but the fact that people have tried and failed certainly proves something.
@Radi0logy: I never use ATMs for actual transactions like deposits or withdrawals, but I have to use them sometimes if the bank is closed and I need some cash, or if I for whatever reason am in a situation where I can't use my card. I don't really see them as cutting jobs unless you're using them as the teller instead of going inside.
@Nick1693: And yet instead of embracing a new market for their software, Apple would probably sue the hell out of Diebold and whoever else tried to do that...
@YOXIM: That's only partly true. OSX does have a much smaller market share (particularly among banks), making it less attractive for malware programmers, but the fact that it was built from the ground up with security in mind, along with the closed architecture, makes it a lot more secure than Windows and a lot harder to write viruses for.
@YOXIM:
I think the low marketshare argument is bunk. You have to think like a cracker, and realize that if you made the first successful OSX (or Linux) virus/worm/malware, you would receive tons of recognition, and 'success'. That prize is of huger value to many of the cracker types.
@Radi0logy: Not sure if you've noticed, but most banks are open longer hours and more days than they were before the proliferation of ATMs. So they're definitely not leading to a decrease in paid bank staff.
As far as the risks, do you know anyone who has been scammed by a card skimmer? Do you know anyone who knows someone who got scammed by a card skimmer? I know that I don't. It seems to me that you're far more likely to have your info stolen at a store or restaurant.
@cristiana: When dealing with business networks, as in the case with large banks, marketshare in the consumer and corporate market most likely vary greatly.
IT policies usually dictate what platforms their systems must be built on, and given that the Mac OS's resurgence is relatively recent, it's going to take some time for serious criminals to spend time earnestly trying to exploit it.
Once again - security by obscurity is the crudest form.
Still, I agree with the person who writes the first large-scale, successful Mac exploit will be infamous. Hint: large-scale.
@Nick1693:
You may want to think that through again. There have been many successful attacks on the Mac OS, regardless of what Apple claims. Apple has even distributed a virus on their own CDs. A computer is only as safe as its user is smart, and using a Mac does not make you any smarter.
@cristiana:
Unfortunately for the Mac OS, when they ran contests to see which OS could be cracked the fastest, Windows, Mac or Linux, the Mac OS was the first to fall. It was actually the easiest one to get into, so that kind of blows holes in your argument as well.
In theory, shouldn't it be safer to use Bank/S&L-based ATMs rather than the "private" ATMs you see in convenience stores, in bars, etc.?
At first glance at least, it would seem that the bank would (or should) have a higher level of security.
Don't use an ATM if you are that paranoid. Are we to give up everything because we are afraid something MIGHT be bad? Hate to burst your bubble, but good and bad things will happen to you all through your life. Then you die.
Yes, be REASONABLE. What percentage of the world's ATMs are hijacked? Even if they took ALL your money the bank would know why because of the installed malware and other customers being ripped off. You are insured by the FDIC. You will get it back. Yes, it is a hassle but so is life. For God's sake, chill out.
@cristiana: But it doesn't matter what OS you're running if someone gains physical access to your machine to make changes. All that changes is the method of obfuscation - and it's easy to come up with all kinds of neat stuff when you're given high-level privileges from the inside. Then again, I hope you already realised that, given how you mention 'high-security' distros.
Also, LINUX. IS. NOT. FREE. I'm not even referring to the time=money bit - Linux IS open-source, but no matter how you cut it you're going to be paying: to have it modified and packaged for your ATM, for full institutional-level support for any issues and the training involved, and any other cost you'd regularly get with a program except the licensing fee.
@Swizzler121: Because it really matters what OS you're running when the implied method of access is from the inside. Right.
@Radi0logy: Just for the record, if I ran across an ATM that displayed "AuToMaton" somewhere prominently, I would use it every day. Maybe twice.
How about an OS? You could just as easily boot from a CD, but then comes the task of updating the OS/apps, which is left to the bank employees/service technicians.
@cristiana: Success of a virus or worm is determined by how far and wide it spreads. If the market share isn't there to spread to, it can't be successful.
@Swizzler121: The vast majority of ATMs from all manufacturers run either Windows XP or Windows CE, while older ones run OS/2.
@MostlyHarmless: Sorry bub. It doesn't matter which OS you're running in this case because a user can be scammed into downloading and installing a program no matter if it's in Windows, Linux or OS X.
@Nick1693: "It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it." -Charlie Miller, hacker, on his Pwn2Own competition OSX Safari 4 exploit.
@ShiningSquirrel:
True, to a point. It was the first because the "attackers" were given local, hands on access to the machine. Having said that, there are still many ways to hack a UNIX-based OS that isn't set up properly. I do it routinely at work to circumvent attacks from within our own network.
But I tend to agree, OSX isn't impervious. When you're thinking of destroying something, why would you go after 10% of the marketshare that Apple contains vs 88% you could take down running some version of Windows?
Besides, Apple users are too busy smelling their own farts driving their Prius' (or Pri-ii?) being smug because they're obviously better than 90% of the world.
-Posted from my iPhone
I love windows-bashers. They're so easy to rile up. How does one gain 90% market share having such a sub-par product? Cost vs. efficiency, as well as user-familiarity. Make a product that is friendly to use, familiar to end-users, and is fairly reliable while being cost-efficient and you'll have success.
I will say that I love my mint/fedora/ubuntu/backtrack/osx/vista multi-boot laptop though. IBM goodness.
It proves that there are A LOT of old unpatched Windows-based boxes (at work I still get people using Windows ME, and are perfectly happy... 2 days ago I had someone ask how much it would cost to upgrade a ME box, I am dead serious) and Windows XP, especially pre SP2, was super vulnerable.
Macs are a small target, they are further fragmented by PowerPC and Intel-based models, their updates work better than Microsoft's, and are more likely to be required to run software and are harder to pirate.
In an ATM setting I can't really see you needing to install new software all the time. So why don't they have the OS locked down in an embedded state where installing new apps is impossible? You can keep any info you need in a slave HDD without an OS.
Linux (or a BSD) works best in this regard, but you can do the same thing with Windows successfully. No, Windows is not to blame here, it is the people who set the system up. Any OS is only as secure as its users.
@savdavid: Thank you and all the other commenters talking about "it doesn't matter what OS because it's from the inside". Seriously, it makes me happy to see some sense hastily on the internet these days.
@Nick1693: Yeah, OS X isn't that secure. I remember reading that at a hacker convention not so long ago the MacBook Air was hacked wirelessly in under 5 mins.
I would like to see an ATM running Mac OS X, even if it's just a hackintosh. I imagine it would exceed most current standards for ATM security.