[somesay]

Also you have to get to an USB port, seems like attackers know for some ATMs where to cut a hole in for that. But the real problem is that the machine isn't isolated well enough through hardware design. Just imagine you could access and replace the HDD. While it may use an XP exploit, that's not the real problem.

Since the life time end of normal XP (not even the embedded version), those "XP will doom our money" news spawn everywhere for no good reason.

TL;DR: It's primary a hardware design issue.