Security vendor IOActive recently tested 21 of the most popular mobile trading applications and found that the majority of them exposed users to a range of security risks. These apps allow users to buy and sell stocks, fund accounts, keep track of equity and available buying power, and create alerts for thresholds. Some of the most popular apps were found to be more vulnerable than similar apps from 2013.
Four of the apps stored users’ passwords in plaintext, without encryption, either on the phone or in the logging console. Most applications did not use two-factor authentication, requiring only a password to access bank accounts. The majority of apps also stored information such as account balances and portfolios unencrypted. If a hacker had physical access to a user’s phone, they could potentially take over the whole trading app and the associated bank account.
While some of the vulnerabilities required physical access to the phone to exploit, others could be exploited remotely. Some apps used insecure channels to transmit and receive data. All hackers would need to do was be on the same WiFi network as a target in order to intercept the data. Other applications that did use secure channels did not properly authenticate the remote server that the phone interacts with. This still leaves a very wide opening for hackers to intercept and steal data.
If you are or have been the victim of digital information hacking, call McCann Investigations at (877) 302-8133. We will provide a free consultation and outline the steps you and your response team need to take to gather and maintain the evidence you need to pursue litigation. We can also explain the critical use of a licensed investigator to perform the forensic investigation and provide an objective opinion on the origination and scope of the compromise.