There’s always an element of risk in playing the stock market. However, traders now have to face the extra hazard of having their money or personal data stolen. Alejandro Hernandez, a researcher with personal experience of online trading, has identified that several leading mobile stock trading applications have a number of insecurities in their systems – and furthermore they are showing no interest in addressing them.
Having tested the apps against a checklist of vulnerabilities, Hernandez found a host of serious shortcomings – including root detection, privacy features, encryption, storage and communication of secure data and validation of SSL certificates; not to mention the use of cleartext passwords. Even the apps that do contain privacy mode features are merely partially protected, only concealing some of the user’s personal data.
An intruder could use these insecurities to find out details about the victim’s finances and trading patterns, steal their credentials, interfere with trades or even siphon off cash from their accounts.