Windows XP ATM Machine “Hacked” by Simply Pressing Shift Five Times in a Row


Bad configuration leaves ATM exposed to further hacks

We’ve known for a while that ATM machines running Windows XP (Embedded version or not) are exposed to attacks, but when we mix the lack of updates with bad configuration from IT admins, what we get is a vulnerability that’s worryingly easy to exploit.

One of the users of Russian blogging platform Habrahabr discovered that an ATM machine operated by state-owned bank Sberbank runs Windows XP and suffers from a security hole that makes it possible for pretty much anyone to completely hack it.

While it’s not hard to figure out what hacking an ATM machine means, it appears that the full-screen lock system that is supposed to keep the ATM interface from reaching other parts of the operating system could be bypassed by simply invoking Sticky Keys.

Sticky Keys is a feature of Windows XP that can be enabled by pressing Shift five times in a row. On this ATM, doing so provides access to Windows settings and brings up the taskbar and the Start menu.
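As an added example (not part of the original article or any bank's tooling), the following audits a `reg export` of the accessibility settings and reports every key where the keyboard shortcut is still armed, together with the `Flags` value that clears it. The sample export is constructed; the key paths and the hotkey bit (0x4) are the standard Windows accessibility settings, and the function name is hypothetical.

```python
import re

HOTKEY_ACTIVE = 0x4  # SKF_/FKF_/TKF_HOTKEYACTIVE: the keyboard shortcut is armed
# StickyKeys: Shift x5; Keyboard Response (FilterKeys): hold right Shift;
# ToggleKeys: hold Num Lock.
FEATURES = {"StickyKeys", "Keyboard Response", "ToggleKeys"}

# Constructed sample in `reg export` text form (real exports are UTF-16; decode first).
# HKEY_USERS\.DEFAULT holds the settings used on the logon screen.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="510"

[HKEY_CURRENT_USER\Control Panel\Accessibility\Keyboard Response]
"Flags"="122"

[HKEY_USERS\.DEFAULT\Control Panel\Accessibility\StickyKeys]
"Flags"="510"
'''

KEY_RE = re.compile(r'^\[(.+\\Control Panel\\Accessibility\\([^\\\]]+))\]$')
FLAGS_RE = re.compile(r'^"Flags"="(\d+)"$')

def audit_accessibility_hotkeys(reg_text):
    """Return one finding per accessibility key whose shortcut is still armed."""
    findings, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Track only the features whose shortcuts we audit.
            current = key.group(1) if key.group(2) in FEATURES else None
            continue
        if line.startswith("["):
            current = None  # some other registry key
            continue
        flags = FLAGS_RE.match(line)
        if current and flags:
            value = int(flags.group(1))
            if value & HOTKEY_ACTIVE:
                findings.append({"key": current, "flags": value,
                                 "hardened": value & ~HOTKEY_ACTIVE})
    return findings

if __name__ == "__main__":
    for f in audit_accessibility_hotkeys(SAMPLE_EXPORT):
        print(f'{f["key"]}: Flags={f["flags"]} -> set to {f["hardened"]}')
```
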

Bank not in a rush to fix the problem

As the video demonstration shows, “hackers” could easily reach other parts of the operating system using only the touch screen, which obviously opens the door to a series of malicious activities, such as deploying software and modifying boot scripts.

The worst thing is that Sberbank appears to be aware of this problem, but it hasn’t lifted a finger to take care of it. German site WinFuture writes that the bank was informed of the vulnerability more than two weeks ago, and although it promised an emergency fix to address it, the same exploit still worked earlier this week.

While this isn’t an issue related to Windows XP no longer receiving security updates, it’s also worrying that there are still many banks out there running an operating system launched in 2001. For what it’s worth, the last updates for Windows XP were shipped in April 2014 (except for one emergency patch, released earlier this year, that blocks the WannaCry ransomware).