We have an ATM in the front lobby of my place of employment. It has a very traditional user interface – plain white text on a blue background, very simple limited commands and outputs.
I have always been under the assumption that these machines ran on a variant of DOS – perhaps PC-DOS or something else. I figured that if they needed anything fancier, they might use a lightweight Linux installation. However… Every once in awhile our machine starts having hiccups and something that appears to be a Windows task bar flashes on the bottom of the screen for a very brief moment.
So, my questions:
What operating systems are used by ATMs?
Which is most common?
Is there a special variant of Windows for these applications, or is our machine running an ancient unpatched version of Win98?
How about OS patches and the like?
You’d be surprised what runs under Windows. Windows CE is a very common embedded operating system, and it’s widely used throughout industry. The space shuttle crawler that moves the shuttle to the pad is controlled by CE. Hundreds of factories have PLCs that are controlled and programmed with CE. It’s all over the place.
It’s true that quite a few public systems such as ATMs and departure information boards are running under some version of Windows; the occasional appearance of the Blue Screen Of Death in such places has been enough to engender a running joke at fark.com - any photoshop competition thread that includes a monitor (or often just something vaguely rectangular) in the original picture is almost guaranteed to get a BSOD entry.
What I find scary is that one of the Wachovia ATMs in New Haven has a nice, big Diebold logo above the screen. Every withdrawl is a vote for Bush since you’re obviously trying to “own something”.
I did development work in OS/2 for a number of years on a particular project at work. Our production network was physically inaccessible from our development network, so we often had to transfer files on diskette between the two systems. I had an annoying habit of leaving a diskette in my development box when I turned it off for the night, and when I started it up in the morning I would get the “Non-System Disk or Disk Error” message when it tried to boot off the floppy.
I had heard that a lot of ATMs used OS/2 as the operating system, and it made sense because OS/2 was much more stable than DOS or Windows. However, it wasn’t until the day I drove up to the ATM and saw OS/2’s “Non-System Disk or Disk Error” message on the ATM screen that I knew it was true!
Oh, and not that this is still a point of serious debate, but to prove that ATMs use Windows, I’ve posted links to web sites owned by 3 of the larger ATM manufacturers in the US mentioning that their products use or can optionally use Microsoft Windows XP.
Cool. Thanks for all of the responses (and I suppose I should have searched a little better for this one before posting :)).
I guess I have always naively assumed that those machines used either a carefully written proprietary OS or some no-nonsense simple variant of DOS. Just didn’t make sense to me to introduce all of the complexity of Windows. I now know otherwise.
The good news is that they are likely relatively simple applications that run on the front end. I’m guessing (I’m a programmer, but not for ATMs) that the grunt work is all done via SQL transactions, thus allowing for things like rollbacks. That would protect your money even if the ATM had some sort of problem such as a BSOD.
Slammer did shutdown ATMs (most notably Bank of America) but not by nailing the ATMs themselves. Slammer hammered the backend SQL databases so the ATMs had nothing to talk to and stopped working.
ATMs are usually hooked up to a leased line these days but some still use modems and dial-in to the mothership for their info (I hate running into those but they are cheaper for banks to install and operate…if an ATM is a low traffic one it is more likely to be a dial-up). The ATM (usually) connects to an ATM host processor which then accesses your bank records. They use the centralized host as it is what is able to talk to different financial institutions so you can get money from a machine run by a different bank than the one you use. The money is then transferred (electronically) to the host processor and the host processor sends an ok to the ATM to dispense cash. As a result there is not much trouble that can be caused by nailing ATMs themselves and they are fairly insulated from viruses and the like as any data they get comes from the host and nowhere else.
Sorry, yes, I misremembered the details of it. It’s still rather scary though. The SQL servers controlling the ATM’s were publically accessable via the internet. Joe Bloggs could have hacked in and told the SQL server that he as $1,000,000 in his account then walked to any ATM and withdrawn that money.