England's second biggest police
force has revealed that more than one in five of its computers were still
running Windows XP as of July.
Microsoft ended nearly all support for the operating system
in 2014. Experts say its use could pose a
hacking risk.
The figure was disclosed as part of
a wider Freedom of Information request.
"Even if security
vulnerabilities are identified in XP, Microsoft won't distribute patches in the
same way it does for later releases of Windows," said Dr Steven Murdoch, a
cyber-security expert at University College London.
"So, if the [police's] Windows
XP computers are exposed to the public internet, then that would be a serious
concern.
"If they are isolated, that
would be less of a worry - but the problem is still that if something gets into
a secure network, it might then spread. That is what happened in the NHS with
the recent Wannacry outbreak."
In May, ransomware malware known as
Wannacry caused havoc to the National Health Service's computer systems.
Infected computers' files were
digitally scrambled making them inaccessible, while staff were told to switch
off other PCs to stop the infection from spreading.
Operations and other appointments
had to be cancelled as a consequence.
Greater Manchester Police said it
was reducing its reliance on XP "continually".
"The remaining XP machines are
still in place due to complex technical requirements from a small number of
externally provided highly specialised applications," a spokeswoman said
"Work is well advanced to
mitigate each of these special requirements within this calendar year,
typically through the replacement or removal of the software applications in
question."
Attack
risk
Most of the UK's police forces
refused to disclose their numbers in response to the Freedom of Information
request, citing security concerns.
Several suggested revealing a large
figure might lead them to become a target, while revealing a low tally could
put others at greater risk of attack.
However, eight forces that had fewer
than 10 PCs using XP were willing to confirm the fact.
Of the other forces that shared
their numbers:
- Cleveland Police said it had seven computers running
XP, representing 0.36% of the total
- the Police Service of Northern Ireland said it had five
PCs still running XP, representing 0.05% of the total
- the Civil Nuclear Constabulary said it had fewer than
10 computers in operation running Windows XP, representing less than 1% of
the total, but it added none of them was on its live network
- Gwent Police, North Wales Police, Lancashire
Constabulary, Wiltshire Police and City of London Police all said they had
no computers running XP
The UK's biggest force - London's
Metropolitan Police Service - was among those that refused to share an
up-to-date figure.
But in June it said about 10,000 of
its desktop computers were still running XP.
"Disclosing further information
would reveal potential weaknesses and vulnerability," the force's
information manager, Paul Mayger, said.
"This would be damaging as criminals/terrorists
would gain a greater understanding of the MPS's systems, enabling them to take
steps to counter them."
Image copyright Getty Images Image
caption Microsoft says computers that still use XP should not be considered
"secure"
The Met had, however, answered a
Freedom of Information request on the subject in October 2015, when it said
35,640 of its desktop and laptop computers were running XP.
No comments:
Post a Comment