Yesterday, an ATM in Baker Hall at Carnegie Mellon University crashed, or had some kind of software error, and ended up displaying the Windows XP desktop. Some students started Windows Media Player on it, playing a song that comes preinstalled on Windows XP machines. Students took photos and movies of this.
There’s no way to tell whether the students, starting with the Windows desktop, would have been able to eject the ATM’s stock of cash. As my colleague Andrew Appel observes, it’s possible to design an ATM in a way that prevents it from dispensing cash without the knowledge and participation of a computer back at the bank. For example, the cash dispensing hardware could require some cryptographic message from the bank’s computer before doing anything. Then again, it’s possible to design a Windows-based ATM that never (or almost never) displays the Windows desktop, failing instead into a “technical difficulties – please call customer service” screen, and the designers apparently didn’t adopt that precaution.
A single, isolated failure like this isn’t, in itself, a big deal. Every ATM transaction is recorded and audited. Banks have the power to adopt loss-prevention technology; they have good historical data on error rates and losses; and they absorb the cost of both losses and loss-prevention technology. So it seems safe to assume that they are managing these kinds of risks rationally.
Why Diebold voting machines are a stupid idea
another reason, incase you needed more.Via Prof. Ed Felten:Yesterday, an ATM in Baker Hall at Carnegie Mellon University
crashed, or had some kind of software error, and ended up displaying
the Windows XP desktop. Some students started Windows Me
Here’s what I want to know: Who the hell is running Windows Update on this sucker? Is it updated automatically? That would seem to be a great line of attack given all the recent vulnerabilities that allow execution of arbitrary code…
Some European laws have imposed the costs of fraud on consumers by default. When you assign the costs of fraud to one party (the customer) and the costs of anti-fraud measures to another (the bank), you get an underinvestment in anti-fraud measures. The U.S. got this right, assigning both costs to the bank; and it was the U.S. system I was referring to above.
Previous and recent research shows that it is rational for banks – at least in Europe – to not manage the risks at al but just claim the customer has to bear all liability.
I found it very amusing that the ATM in question is made by Diebold, the same company that’s doing most of the U.S.’s faulty e-voting systems.