[Hopka]

So it's not as easy as walking into your bank, sending a text message to the ATM and walking out with a lot of free money.

You actually need physical access to a USB port of the ATM which is hidden somewhere inside. So I guess the hack here is that the money inside an ATM is very well hidden and even protected by exploding paint barrels so it cannot normally be stolen even with physical access for a long period of time. But it is possible to get the Windows XP based software to dispense money from the safe by injecting a trojan through USB.

Unfortunately, the article does not make that very clear.

[somesay]

Also you have to get to an USB port, seems like attackers know for some ATMs where to cut a hole in for that. But the real problem is that the machine isn't isolated well enough through hardware design. Just imagine you could access and replace the HDD. While it may use an XP exploit, that's not the real problem.

Since the life time end of normal XP (not even the embedded version), those "XP will doom our money" news spawn everywhere for no good reason.

TL;DR: It's primary a hardware design issue.