Windows CE™

Keep Your ATM Secure

There were many factors considered while assessing platforms to power the operating system of Triton ATMs. The decision was to go with Windows CE for several reasons;

CE uses less computing resources, meaning lower-cost hardware, without sacrificing functionality. As a result of the low cost, Triton can offer our customers standard software updates at no charge.

Windows CE is an embedded platform so it can be easily tailored to specific requirements and functionality.

Triton has access to much of the CE operating system source code and can provide updates beyond Microsoft™ support.

The majority of security updates provided by Microsoft are for Internet Explorer issues. Triton ATMs do not use Internet Explorer (Microsoft Edge™) and it is removed from our customized operating system.

Triton ATMs currently run a proprietary, locked-down version of Microsoft Windows CE.  The operating system is customized by Triton to add additional security beyond what is provided by Microsoft.

Triton ATMs are locked down by not providing any access to the OS or internal storage except through our ATM software interface.  Software can only be installed by loading a software update which must be digitally signed by Triton.

Triton ATMs use the Windows CE “Trusted Environment” to verify the authenticity of all software.  Every component is signed with Triton’s private key which must be verified by the operating system before executing.  In this manner, the ATM is protected from executing software not created or approved by Triton.

As part of the Triton customization, all system tools have been removed from the operating system that an attacker might use to access or manipulate the system, including File Explorer, Windows Desktop, Internet Explorer, Command Shell, ActiveSync, and Remote Desktop.

Triton regularly monitors all security updates provided by Microsoft.  To date, Triton has never had to install a Microsoft provided update for any security reason.  Triton will continue to monitor our ATMs for security issues beyond support by Microsoft and provide updates.

In the event a security issue is identified on an operating system that is no longer supported by Microsoft and cannot be addressed by Triton, an upgrade path to a newer operating system version will be provided.  This upgrade could include a hardware upgrade as well.  Costs for any hardware/software updates will be determined at that time.