Avnet Issues Cybercrime Alert For End Of XP Support

Avnet Embedded says that the forthcoming withdrawal of support for Microsoft’s Windows XP operating system creates a huge cybercrime risk and that businesses are simply failing to take action against the dangers that it represents.
The distributor has published a paper titled – Panic? What panic? Is the industry in denial over the death of XP? – that suggests come April 8th 2014, these businesses will become immediate targets for hackers, putting users’ and consumers’ cash at risk all over the world.
In the paper, Nick Donaldson Software Director of Avnet Embedded explains that the withdrawal of XP support means the end of security patches and updates, leaving many thousands of XP-based payment devices worldwide vulnerable to “zero day” hacker exploits. These devices range from chip and PIN terminals, to EPOS tills, to toll barriers, parking machines, and many others.
Additionally, the withdrawal of support will mean that the PCI (Payments Card Industry) organisation that oversees the security of online transactions will no longer certify these devices and payment methods and may impose fines of up to £400,000 for non-compliance.
Simple migration to a newer operating system, however, isn’t much of an option: the paper explains that neither Windows 7 nor Windows 8 will run successfully on all the devices that XP currently supports, nor offer PCI-compliant security on them. Yet few of the businesses that manufacture, distribute or use these devices have apparently realised this, with 40% of respondents polled saying they had “yet to even start migrating off XP” and 20% saying they “were not planning to do so at all.”
Donaldson comments: “Put simply, many businesses are in denial about the dangers that these changes represent. We are talking here about an instantaneous loss of security that will immediately become exploitable by cybercriminals, leading potentially to the theft of millions. The businesses that manufacture, distribute and use these payment devices and mechanisms have been lulled into a false sense of security that they can simply deploy Windows 7 or 8 to do the same job as XP – but this just isn’t true. Basically, if these businesses don’t identify workable, PCI-compliant alternatives soon, there will be widescale consequences.”