Russia State Bank ATMs Running Windows XP Can Be Hacked Easily With Sticky Keys

Simply pressing Shift 5 times on Windows XP powered ATMs from Sberbank allows hackers to easily access the system.


2017 has shown that cyber threats are very much here to stay and will almost certainly increase in frequency and severity. has not escaped these attacks. The company's old Windows were hit hard by Wannacry this year. Now has been found with a new problem.

A Russian employee shared information on a blog suggesting ATMs operated by Sberbank have inherent security holes in their systems. Sberbank is a state owned bank and its ATM's are mostly still running Windows XP.

The vulnerabilities could allow hackers to easily access the ATMs. In his post, the employee claims the ATM interface can be bypassed simply by pressing Shift 5 times. This opens Sticky Keys, which allow hackers to access the whole ATM Windows XP operating system. In turn, this would allow attackers to modify the software and deploy malicious content.

Sberbank has known about the vulnerability for several weeks but has yet to issue a fix. The employee says he has tested ATMs again and the flaw remains. Microsoft has urged the bank to fix the problem and to upgrade from Windows XP to .

XP Legacy

While Microsoft is involved in this story, it is only by proxy. The company has not supported Windows XP for years, which means the company no longer protects it. XP was launched back in 2001 and became hugely successful, especially in the enterprise market.

Of course, XP was not built to last, but businesses are still using the OS to this day. Indeed, over 5 percent (6 million) of PCs are still running Windows XP. The number is decreasing, but it is still worrying that so many enterprise customers rely on obsolete software.