1. BlueStreak67's Avatar
    I was reading an interesting article and thought this may be a potential QNX opportunity.

    According to the following article hackers can now access and remotely dispense money by texting compromised ATM machines.

    Texting ATMs for Cash Shows Cybercriminals’ Increasing Sophistication | Symantec Connect Community

    According to the article 95% of the world's ATMs run on Windows XP and these machines are the ones susceptible to this vulnerability. Doing a bit of research the ATM Industry Association estimated there are approximately 2.2 million ATMs (2011) worldwide. That equates to 2+ million ATMs that are vulnerable, and with the discontinuation of XP support this could be an on-going concern.

    With QNX designed to be a secure platform do you think this would be a good fit?

    BlackBerry could potentially offer a more secure financial transaction based solution. I just learned of BBM Money today, but down the road perhaps BBM Money and QNX-based ATMs could be tied together. Existing ATMs could be made more secure, we could access BBM money from ATMs, etc.

    Your thoughts?
    03-26-14 12:32 AM
  2. lnichols's Avatar
    Sure it is, but BlackBerry seems content on just cars and phones at the moment, and haven't shown any great ability over their existence to multi task or take on new ones without neglecting the existing ones, and the company out its future in question with the for sale sign. People do remember this. I sent something to QNX asking them why not make a BB10 powered head unit for cars or work with someone already in the market and they replied that isn't what they want to do.

    There is a thread here asking if BlackBerry should provide great software OR hardware. Why would they ask this? Because people who know BlackBerry know they have a history of not being able to walk and chew gum at the same time. I hope Chen can fix this myopic issue at BlackBerry.

    Posted via CB10
    03-26-14 06:22 AM
  3. Sith_Apprentice's Avatar
    Sure it is, but BlackBerry seems content on just cars and phones at the moment, and haven't shown any great ability over their existence to multi task or take on new ones without neglecting the existing ones, and the company out its future in question with the for sale sign. People do remember this. I sent something to QNX asking them why not make a BB10 powered head unit for cars or work with someone already in the market and they replied that isn't what they want to do.

    There is a thread here asking if BlackBerry should provide great software OR hardware. Why would they ask this? Because people who know BlackBerry know they have a history of not being able to walk and chew gum at the same time. I hope Chen can fix this myopic issue at BlackBerry.

    Posted via CB10
    Hardware is a different issue. I suggested they drop hardware altogether, because they are losing their lunch on it. But that is a different thread entirely

    As for the ATMs, retooling all of them would be a huge expense to banks all over the country/world. Could you imagine writing an entirely new front AND back end for these? It makes sense for them to simply upgrade in place and keep things running "mostly" as they are. Do I think BlackBerry could do well here? Yes, absolutely I do. But I dont think they have the resources for this kind of endeavor right now.
    olakailan likes this.
    03-26-14 06:25 AM
  4. rizdragon's Avatar
    the potential of QNX are endless... but working and going forward on any given potential costs time, money and human resources which BB seems to have in limited supply right now. additionally, in my opinion, and i could be totally wrong here, the banks would have to change some hardware in the ATMs and also some hardware at the back end. then there is the integration issue to handle as systems at the bank's side would be windows based. so a lot of change, trial and error and investment in terms of resources and time would be required by the banks as well. and i don't think they would be willing to spend so much money on securing ATMs unless something major or significant happens.
    03-26-14 07:48 AM
  5. BlueStreak67's Avatar
    Sure it is, but BlackBerry seems content on just cars and phones at the moment, and haven't shown any great ability over their existence to multi task or take on new ones without neglecting the existing ones, and the company out its future in question with the for sale sign. People do remember this. I sent something to QNX asking them why not make a BB10 powered head unit for cars or work with someone already in the market and they replied that isn't what they want to do.

    There is a thread here asking if BlackBerry should provide great software OR hardware. Why would they ask this? Because people who know BlackBerry know they have a history of not being able to walk and chew gum at the same time. I hope Chen can fix this myopic issue at BlackBerry.

    Posted via CB10
    My hope is things have changed since they have aligned their company into 4 key areas, one being QNX to my understanding.
    03-26-14 07:51 AM
  6. BlueStreak67's Avatar
    Hardware is a different issue. I suggested they drop hardware altogether, because they are losing their lunch on it. But that is a different thread entirely

    As for the ATMs, retooling all of them would be a huge expense to banks all over the country/world. Could you imagine writing an entirely new front AND back end for these? It makes sense for them to simply upgrade in place and keep things running "mostly" as they are. Do I think BlackBerry could do well here? Yes, absolutely I do. But I dont think they have the resources for this kind of endeavor right now.
    ATMs "randomly" dispensing cash could also be called a huge expense. I agree the available resources could be a limiting factor, that aside I think this could be a good fit.

    I was not considering the hardware of making the machines (at least not in the early stages) I was thinking secure software that runs the machines and should be more difficult to compromise.
    03-26-14 07:54 AM
  7. BlueStreak67's Avatar
    the potential of QNX are endless... but working and going forward on any given potential costs time, money and human resources which BB seems to have in limited supply right now. additionally, in my opinion, and i could be totally wrong here, the banks would have to change some hardware in the ATMs and also some hardware at the back end. then there is the integration issue to handle as systems at the bank's side would be windows based. so a lot of change, trial and error and investment in terms of resources and time would be required by the banks as well. and i don't think they would be willing to spend so much money on securing ATMs unless something major or significant happens.
    What you say makes a lot of sense. Maybe BBM for Windows phones will lead to BBM Desktop which could lead to BBM/QNX type integration. I'm not a software guy so I don't know the intricacies.

    BlackBerry Link has to work within the Windows framework, do you think it would be a big leap to.have a QNX program communicate with windows systems?
    03-26-14 07:58 AM
  8. Sith_Apprentice's Avatar
    ATMs "randomly" dispensing cash could also be called a huge expense. I agree the available resources could be a limiting factor, that aside I think this could be a good fit.

    I was not considering the hardware of making the machines (at least not in the early stages) I was thinking secure software that runs the machines and should be more difficult to compromise.
    The cheapest route would be to upgrade to Windows 7/8 and this bug is squashed. They dont have to do any major redesigns. I was not talking about hardware either, but refitting every ATM with a completely different operating system, and redoing back end servers to connect to those ATMs would be a massive undertaking.
    03-26-14 08:02 AM
  9. rthonpm's Avatar
    There are a few flavours of XP that ATMs use. Most are using XP embdedded, which is a variant for use with industrial devices or other browserless systems. Microsoft is still supporting XP embedded for a few more years. The rest are just using a stripped down version of XP professional that just launches the UI for the ATM or other device, these will be out of support.

    QNX could be made to run ATMs, just like anything else, but the real issue isn't manpower at BlackBerry, or QNX (which is run like its own company), but with the expense the banks and other institutions would have to take. Since the outlay would be great enough to affect their bottom line, so C-level executive is going to put his stock performance bonus on the line for it. The way they look at it: it's cheaper to settle lawsuits than it is to make that kind of major change to their overall infrastructure.
    03-26-14 08:03 AM
  10. BlueStreak67's Avatar
    The cheapest route would be to upgrade to Windows 7/8 and this bug is squashed. They dont have to do any major redesigns. I was not talking about hardware either, but refitting every ATM with a completely different operating system, and redoing back end servers to connect to those ATMs would be a massive undertaking.
    I have to admit I am a fan of your forum handle!

    I would agree upgrading to another version of windows would be ta cheaper route. This approach would also cost additional money money as well and make need some work to make all the back-end stuff work with a different version of Windows. Either way this was not likely anticipated by the banks and financial institutions and they may have second thoughts about using Windows moving forward based on this experience. (Think of legacy BB users who have no idea about BB10 and assume it is rot with the same issues).

    Upgrading every ATM would be a massive undertaking and the wrong approach in my opinion. I am looking at this as an opportunity to break into a new market. Start small and grow and develop from there.

    To use an example that relates in a few ways to this story: If Chrome Books set out and said I want to convert every Windows based laptop and computer in the US market that might not make sense (short-term). But they appeared have looked at the market and identified an opportunity for their product. According to some numbers the market share grew from 0.2% (2012) to 10% (2013) which is pretty significant in a short period of time. This appears to be partly due to failures with Windows 8 and ChromeBooks have taken advantage.

    Chromebooks pick up 10% of the computer market in 2013, capitalizing on Windows 8′s failure | ExtremeTech

    I think the best approach is divide and conquer, start with niches and small-segments, dominate those and grow from there. This is how FB became such a success, they started with a social network for classmates, a school, a group of school, post-secondary institutions, .... they slowly dominated different segments and grew from there. I read an article speaking to this point a couple-few years back but cant see to find it.

    I have to admit when FB was starting to get popular I was recently graduated from school and because I no longer had a post-secondary school email address I couldn't join. I had friends and family on the site and it really did make me feel like I was missing out. I felt excluded and wanted to be with the "in" crowd. Although today is a different story, this is the impact their divide and conquer strategy had on me back then.
    03-26-14 08:27 AM
  11. BlueStreak67's Avatar
    There are a few flavours of XP that ATMs use. Most are using XP embdedded, which is a variant for use with industrial devices or other browserless systems. Microsoft is still supporting XP embedded for a few more years. The rest are just using a stripped down version of XP professional that just launches the UI for the ATM or other device, these will be out of support.



    QNX could be made to run ATMs, just like anything else, but the real issue isn't manpower at BlackBerry, or QNX (which is run like its own company), but with the expense the banks and other institutions would have to take. Since the outlay would be great enough to affect their bottom line, so C-level executive is going to put his stock performance bonus on the line for it. The way they look at it: it's cheaper to settle lawsuits than it is to make that kind of major change to their overall infrastructure.
    Do you think it could work if they started small and worked from there? I wouldnt think they would need to land an elephant in the early stages but regional banks, or even companies institutions that implement bank machines at various locations (Hospitals, casinos, etc.)

    I do not think it has to be a massive undertaking to change all machines at once. They could also look at approaching ATM companies themselves and working with them not the banks directly.

    Think what a differentiator this could be for an ATM company competing for business with someone who's system has a known security flaw. Even if it has been fixed if you are using the same framework (windows) it may not put someone at ease, especially if they were affected by the flaw.
    03-26-14 08:32 AM
  12. sjmartin007's Avatar
    OMG please read the article again and tell me if any of that BS makes sense. Have you ever seen anything done the way the article says it's done. I have been to many places in this world but I haven't seen a USB on the customers side of a ATM. Have you? If so let me know I would be there like these hackers with my bag and cell. Lol

    And windows Xp is still safe running XP. ATM are not connect to the Internet only the banks intranet. again how are you going to gain access to an ATM software with out direct access to it OS.
    Articles like this is send the wrong message to people. Symantec should be ashamed of releasing such misinformation.



    Posted via CB10
    03-26-14 09:07 AM
  13. BlueStreak67's Avatar

    And windows Xp is still safe running XP. ATM are not connect to the Internet only the banks intranet. again how are you going to gain access to an ATM software with out direct access to it OS.




    Posted via CB10
    I am not well versed in this area, but it appears to me they gain access through the phone and SMS, not the internet. Like an external keyboard or I/O device sending instructions to the machine.

    If the ATM is not attached to the Internet than neither too should the keypad on the ATM, but it too can be used to dispense cash.

    As for how hard or easy it is to do I am not sure. I would imagine you would need a "insider" to access the machine. Once this is done it seems a little to easy to compromise for my liking!
    03-26-14 09:29 AM
  14. sgny's Avatar
    XP is considered seriously inferior to Windows Vista in terms of security; in fact Microsoft's troubles with security was what led to long delays following an extensive effort on security with Vista including requirement of new drivers and adding features like UAC that annoyed users. Windows 7 and perhaps 8 can only be better choices than Vista, yet alone XP for any application that requires a modicum of security.

    If banks have not transitioned to at least Vista or 7 by this stage, it's either because their setup is safe behind corporate firewalls and they don't need the additional security and/or they are too reluctant to make any changes. The cost of keeping up with Windows upgrade fees isn't even worth considering when you compare that cost with what it would cost them to commission properly audited new front-end software that runs on any other OS. QNX wasn't an unknown player and presumably banks had no interest back then and there is no reason to assume they would now, especially when as an alternative to Windows, Linux has proven itself in any setting you may imagine. So QNX has to be justified over both the status quo choice of Windows and Linux with which everybody is very familiar. Finally, 2 million installations is nothing in the grand scale, especially when the competing solution is much more straightforward and much cheaper and therefore customers cannot be "shaken down" too much. If QNX is able to gain a foothold in car systems, they would be looking at a market with tens of millions of units, every year. ATMs would only be a distraction that might cost development time and money and bring almost no revenue to even cover that.
    03-26-14 10:03 AM
  15. BlueStreak67's Avatar
    XP is considered seriously inferior to Windows Vista in terms of security; in fact Microsoft's troubles with security was what led to long delays following an extensive effort on security with Vista including requirement of new drivers and adding features like UAC that annoyed users. Windows 7 and perhaps 8 can only be better choices than Vista, yet alone XP for any application that requires a modicum of security.

    If banks have not transitioned to at least Vista or 7 by this stage, it's either because their setup is safe behind corporate firewalls and they don't need the additional security and/or they are too reluctant to make any changes. The cost of keeping up with Windows upgrade fees isn't even worth considering when you compare that cost with what it would cost them to commission properly audited new front-end software that runs on any other OS. QNX wasn't an unknown player and presumably banks had no interest back then and there is no reason to assume they would now, especially when as an alternative to Windows, Linux has proven itself in any setting you may imagine. So QNX has to be justified over both the status quo choice of Windows and Linux with which everybody is very familiar. Finally, 2 million installations is nothing in the grand scale, especially when the competing solution is much more straightforward and much cheaper and therefore customers cannot be "shaken down" too much. If QNX is able to gain a foothold in car systems, they would be looking at a market with tens of millions of units, every year. ATMs would only be a distraction that might cost development time and money and bring almost no revenue to even cover that.
    Thanks for the input sgny, you make some interesting points here and look to have a more in-depth knowledge in this area.

    Perhaps it is complacency or they do not see an issue... if it isn't broken don't fix it. Windows security aside I was curious if people thought this was a market that would make sense for BB/QNX and perhaps a market of 2.2 million isn't sufficient to justify the resource requirements to make this work if it makes sense.

    As for QNX not being used in ATMs at present, there had to be a time it wasn't used in Nuclear reactors, cars, etc as well, but it is now. New avenues of business have to start somewhere, and I thought this area may tie in well with BBs focus on security. ATM software adoption could go a long way towards the trust in BB's secure software offerings.
    03-26-14 10:25 AM
  16. sgny's Avatar
    As for QNX not being used in ATMs at present, there had to be a time it wasn't used in Nuclear reactors, cars, etc as well, but it is now. New avenues of business have to start somewhere, and I thought this area may tie in well with BBs focus on security. ATM software adoption could go a long way towards the trust in BB's secure software offerings.
    I can't claim to be an authority, but I've posted what I have learned over years of following the market. There is a lot of entrenchment, CYA concerns, etc. that lead to, as you've put it, "don't fix it, if it's not broken" choices. It takes a lot of resources to make sure that the new solution does not introduce new issues, so any transition is best avoided unless there is a compelling reason.

    As for nuclear reactors, Windows and even mainstream Linux are not really alternatives to QNX because those are not real-time operating systems where the system must not only be responsive, but also be consistent in how long it takes to respond to requests. In that market QNX and VxWorks are the big dogs, but the market itself is quite small. I don't believe ATMs are quite that time critical; as long as each transaction properly succeeds or fails, it doesn't matter if it take 10 or 100 microseconds. Being a realtime OS is not really an important differentiator to choose QNX over anything else for a consumer, but then QNX is a good, reliable base to build something like BB10 on top as Blackberry have done.
    03-26-14 10:52 AM
  17. BlueStreak67's Avatar
    I can't claim to be an authority, but I've posted what I have learned over years of following the market. There is a lot of entrenchment, CYA concerns, etc. that lead to, as you've put it, "don't fix it, if it's not broken" choices. It takes a lot of resources to make sure that the new solution does not introduce new issues, so any transition is best avoided unless there is a compelling reason.



    As for nuclear reactors, Windows and even mainstream Linux are not really alternatives to QNX because those are not real-time operating systems where the system must not only be responsive, but also be consistent in how long it takes to respond to requests. In that market QNX and VxWorks are the big dogs, but the market itself is quite small. I don't believe ATMs are quite that time critical; as long as each transaction properly succeeds or fails, it doesn't matter if it take 10 or 100 microseconds. Being a realtime OS is not really an important differentiator to choose QNX over anything else for a consumer, but then QNX is a good, reliable base to build something like BB10 on top as Blackberry have done.
    Thanks for sharing I did not know how QNX differed from other alternatives, it sounds like it is more dynamic which would be advantageous in many different scenarios (like the nuclear reactors you mentioned).

    if this is the key advantage of QNX there may be many different applications where QNX would be ideal vs the one considered here.
    03-26-14 10:57 AM
  18. Ment's Avatar
    If the ATM peeps aren't willing to shell out money to upgrade their existing system why do you think they'd pay even more money to implement a new one?
    03-26-14 11:05 AM
  19. sjmartin007's Avatar
    Windows Xp is a more stable os than Vista or 7. Xp be has been around for 10 years thus patches and updates are far less then the newer installations of windows os. What makes Xp vulnerable is IE. This is the reason a great deal of companies haven't upgraded. You have to look at the architecture of the banks computer system. Besides running XP many companies still are running older server software.

    In terms of a ATM and this article it's not something to worry about Xp will continue to be used, until phased out, as the OS because of it longevity and robust nature.

    So I am.not sure how Qnx can be added without being added virtually.

    Posted via CB10
    03-26-14 11:07 AM
  20. BlueStreak67's Avatar
    If the ATM peeps aren't willing to shell out money to upgrade their existing system why do you think they'd pay even more money to implement a new one?
    My thoughts were if there machines have a glitch that allows the ATM to compromised and "randomly" dispense money it would be good incentive. From what I am hearing it doesn't sound to be a major concern at this time.
    03-26-14 11:14 AM

Similar Threads

  1. Is BlackBerry intentionally being deceptive to potential American Z30 buyers?
    By raino in forum General BlackBerry News, Discussion & Rumors
    Replies: 14
    Last Post: 03-24-14, 10:02 PM
  2. Gracenote automotive -Music technology demo POWERED BY QNX WATCH VIDEO
    By FOR RIM in forum General BlackBerry News, Discussion & Rumors
    Replies: 2
    Last Post: 03-22-14, 10:43 AM
  3. QNX/BB10 Security Concerns
    By SEAWARRIOR in forum BlackBerry 10 OS
    Replies: 3
    Last Post: 03-18-14, 02:59 PM
  4. Top ten for a potential BlackBerry convert!
    By d987654321 in forum General BlackBerry News, Discussion & Rumors
    Replies: 23
    Last Post: 03-16-14, 04:50 PM
  5. Evolution of BBM and QNX
    By TheBBguru in forum General BlackBerry News, Discussion & Rumors
    Replies: 4
    Last Post: 03-15-14, 12:51 PM
LINK TO POST COPIED TO CLIPBOARD