Hackers 'can steal money' from insecure stock apps

Security vulnerabilities in stock trading apps could allow hackers to steal money, researchers have warned.
After testing 16 desktop applications, 30 websites, and 34 mobile apps, "major vulnerabilities" were identified which could give criminals opportunities to conduct financial espionage or take funds.
Alejandro Hernandez, from the cyber security company IOActive, found that hackers could "access a user's personal banking information through desktop and web applications" as well as "steal money and gain insights into net worth and investment strategies".
The warning, issued at hacking conference Black Hat, follows initial research which was published by Mr Hernandez.
He said: "It's deeply concerning that some of the same vulnerabilities have still not been fixed."
Major trading platforms operated by international financial organisations such as Bloomberg and Capital One are "the most secure", the research suggests.
However, other platforms are so insecure that the researchers declined to name them for fear that criminals would immediately begin to target users.
Traders using public WiFi are at particular risk with badly designed apps
Among the most significant issues was the apps' failure to use encryption to protect their communications against anybody in the middle of the network between the app and the back-end systems.
Mr Hernandez said: "Imagine a stock trader in a coffee shop, using public WiFi.
"An attacker would be able to easily perform a man-in-the-middle attack and identify or modify the network traffic that is unencrypted.
"For example, the attacker could see the username and password of the trader's account and later log in through a web browser, link his or her bank account, sell the stocks at market price to liquidate the investments, transfer the money, remove the added bank account and log out."
Jennifer Steffens, the chief executive of IOActive, said: "Alejandro's continued research and discovery of major flaws in stock trading technologies will hopefully be a wake-up call to the financial industry.
"They need to implement the strong security controls they already have in place for banking applications and follow industry best practices to properly develop mobile, desktop and web applications, and continuously scan them for vulnerabilities."
IOActive stated that all of the vendors impacted by the stock trading vulnerabilities it discovered have been notified.
However, the company said it cannot confirm whether the flaws have been fixed yet.