Diebold spokesperson Tiffini Bloniarz could not say whether the company's current strategies are the result of the August infection of ATMs by Nachi, but she told TechNewsWorld that the company is working with Sygate to protect its cash machines with firewalls.
Success is just a matter of knowing the right "secrets." Download the free eBook, "The Edge of Success: 9 Building Blocks to Double Your Sales." You will discover the fastest, most effective ways to grow your business and still have time to live your life.
Concerns about computer viruses and worms are spreading beyond the PC arena as embedded software and systems vulnerable to attack are introducing risk to several unique technology sectors, including automatic teller machines (ATMs), emergency response systems and even automobiles.
ATM maker Diebold recently confirmed that this year's Nachi worm infected cash machines of two U.S. banks, highlighting the risk associated with using a Windows-based operating system, which is more popular and therefore more commonly targeted by attackers.
Last January, the Slammer worm knocked out an unpatched 911 emergency response system in Bellevue, Washington, forcing authorities there to switch to manual mode. Such attacks are almost inevitable because the integration and deployment of hardware has become incredibly complex, making auditing and patching insurmountable tasks, iDefense malicious code intelligence manager Ken Dunham told TechNewsWorld.
In addition, Dunham said, increased use of embedded software and systems could have unforeseen side effects that could be devastating.
"The more integrated computers are into our society -- the more they're used to control things remotely -- the more risk there is for a code-based or computer-based attack," he said. "It could be everything from the gate that lets you out of the parking lot, to your car, to the microwave, to the server that investigators use to catch the bad guys."
Locked Down, Not In
Concerns about attacks on embedded systems also have heightened as several companies and industries have transitioned, much as Diebold did, from old operating systems such as IBM's (NYSE: IBM) OS/2 software for ATMs to Windows versions, such as XP Embedded.
Dunham said the key to securing embedded software and systems -- which often hide software vulnerabilities more than other, more prominent software -- is releasing it only after extensive testing and without major bugs, "so you don't have situations where people are locked in their cars or have access restricted."
He added that, much like PDAs and mobile phones, the attack opportunity on an embedded software machine is limited by the processing power and other capabilities of the device. However, the case of the infected Diebold cash machines and Slammer's impact on emergency services illustrate that risk remains.
"We may think [embedded systems] are hard to attack, but the incidental effects of attacks have shown that's not the case," Dunham said.
Firewall for Cash
Diebold spokesperson Tiffini Bloniarz could not say whether the company's current strategies are the result of the August infection of ATMs by Nachi, but she told TechNewsWorld that the company is working with Sygate to protect its cash machines with firewalls.
"With security becoming an increasing priority as ATMs migrate to Windows and TCP/IP networks, Sygate and Diebold are working together to ensure Diebold ATMs are equipped with the highest degree of protection against misuse and malicious intent," said a statement from Diebold.
The ATM and electronic voting machine vendor, which recently retracted legal threats over criticisms of the security and administration of its elections machines, said it will begin shipping the Sygate Security Agent software with ATMs by the end of this year. Diebold also has offered to install the software on existing ATMs, the company said.
Bloniarz said Diebold produced about half of the estimated 200,000 bank-owned ATMs in the United States, but she added that the company is not sure how many are running Windows.
Fear of Unknown
Dunham said concerns about attacks on embedded software and systems are even more significant than attacks on standard PCs, considering that the issues to date have involved secondary or incidental effects, such as bringing down emergency systems.
"These side effects are impacting things, and attackers are learning from it," he said. "Once we have a targeted attack, we'll have a real significant situation on our hands."
He added that the true effects of migrating to the heavily targeted Windows environment will not be fully realized until attackers pounce on vulnerabilities.
"Considering embedded software and firmware solutions, we are going to have more concerns about what we don't know," Dunham said.
IT Spending Growth, Direction Predicted December 09, 2003
While there is still some uncertainty as to whether increased business confidence will translate to increased IT spending, Gartner vice president of marketing Alexa McCloughan told TechNewsWorld that the company's October survey of 600 customers indicates controlled spending will replace no spending.
Microsoft Trumpets First CRM Upgrade December 08, 2003
Microsoft is targeting CRM 1.2 primarily toward SMBs, as well as divisions and departments of larger organizations. Aberdeen Group research director Karen Smith told CRM Buyer the product is a natural fit for small enterprises, many of which run an all-Microsoft environment.
Microsoft To Phase Out Several Products for Java Lawsuit Compliance December 08, 2003
Yankee Group senior analyst Laura DiDio said the phase-out comes according to plan and should surprise no one, adding that customers have maintained legacy software systems as much as possible through the economic downturn.
Changing Ideas, Not Just Platforms December 04, 2003
If you understand core Unix philosophies like user empowerment or how small, effective programs combine with large-scale systems to produce extraordinary results, then you should spread the word. Become a Unix mentor; find some benighted MCSEs and quietly coach them.
AOL Dangles $299 PC To Lure New Subscribers December 04, 2003
In its most recent earnings report, AOL parent Time Warner said America Online lost more than 800,000 full-service dial-up subscribers during the period. Many of those users stepped up to broadband options or migrated to less-expensive dial-up alternatives.
Related News Alerts
More by Jay Lyman
Open Source Developer Dumps Novell Over Microsoft Deal December 26, 2006
A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say.
Financial Firms Tap Microsoft for Linux December 22, 2006
Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil.
Mozilla Beefs Up Security in Firefox 2.0 December 21, 2006
Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.
Headline Feeds
Talkback: 
