The problem with hardware lockdown is that at the end of the day x-boxes and PlayStations are only interacting with a screen to display media.
ATMs on the other hand are designed to interact with physical hardware that sucks money up and spits it out. Locking down the operating system is easy, but if the hardware is controlled by serial interfaces then you've got a weak point there unless the serial interfaces are encrypted (spoiler, they are not!). To encrypt them you'd need to put something at the OS side and something at the hardware (pneumatics/motors) side and ensure they aren't accessible (ie, located inside the safe part of the ATM). Its not impossible to do, but I somehow doubt they'll do it anyway.
You could make a rigged PRNG but the front-end software of the system (different applications) have to display extremely detailed statistics on every function and variable (payouts, money in, number of wins, probabilities etc) and that code will have to be open source. The only upside to interfering with the PRNG would be being able to predict the winning moves based on whats on-screen (assuming whats on-screen is derived from the PRNG).
The actual slot machines themselves are unexpectedly secure. But the back-end environment is usually a total mess. The aim of the admins is to make sure no-one gets to the back-end environment and that's achieved through heavy use of CCTV and port-security on switches.
If you ever open up an ATM you'll realise that the majority of things are controlled by serial interfaces (upto 6 of them) for all the motors and pneumatic hardware.
If the operating system becomes hardened enough, you'll eventually have people interface with the serial ports directly to manipulate the cash-drawers directly.
I'm not sure why this hasn't really been done in practice but it shouldn't be to difficult to figure out how to do correctly.
In most ATM's the computer hardware and interface connectors are also all housed in the top (mostly plastic or low-quality cast metal) shrouds (as opposed to the currency locked in a safe). Traditionally wafer locks were also used to secure this section however they are slowly migrating to higher security locks like Abloys.
ATM manufacturers may want to take a look at slot machine manufacturers for clues on how to harden machines against tampering.
More than one exploit released by the shadow brokers was specifically targeted at Linux/Unix/Cisco and other operating systems...
Its naive to think that other operating systems are somehow invulnerable to nation-state attackers.
Statistical analysis of traffic flow in encrypted communications to determine the type of traffic has been done effectively.
There was a paper a few years ago against VoIP protocols specifically.
Depends on design and cost. Your thinking of a vault. Vaults have a solid door (as described above) and essentially its layers of security. The other 5 sides sometimes are the weakest point, but will still take significant amounts of time to penetrate on any properly designed vault.
No point in putting an extremely expensive vault door in a room that's got just concrete and re-bar.
The other thing is to make it harder to access those other walls as opposed to the front where you can walk up to it.
You cannot casually drill a safe. Not talking about your hardware store variety of safe, or a 'fireproof safe'. But a legit safe like you'd find in an ATM has a number of countermeasures to ensure that its not possible to drill the safe in a short amount of time.
Mixed into the steel is usually a number of drill-bit-breaking things like hardened ceramic/steel ball bearings, odd shaped chunks of metal, plastics which all react differently to different attacks in order to ensure that one attack does not compromise the door and that its near-impossible to do quickly.
Bigger safes employ the use of fancy mixtures of concrete and metal to resist even more aggressive attacks like thermal lancing etc by turning the whole door/wall into a giant heat-sink.
Where the are drilling, next to the keypad is usually some kind of thin sheet metal or plastic or combination. The 'top' part of the ATM (which houses the PC running it, the cables and a bunch of other electronics) is usually extremely insecure (wafer locks you can pick, flimsy construction).
The hardened part of the ATM is only the safe (which, by design, actually has several large holes in it as well).
You won't be casually drilling through the safe with a hole-saw or other portable equipment without spending a considerable amount of time.