Code is displayed to a crowd Arsenal station where demos are given at Black Hat, a cybersecurity conference in the Mandalay Bay hotel on August 3, 2016 in Las Vegas, Nevada.
Ann Hermes—Christian Science Monitor via Getty Images
By Bloomberg
August 9, 2018

Dozens of applications used for online trading by retail investors have cybersecurity vulnerabilities, some of which could lead to hackers siphoning funds from account holders, according to security consultant IOActive Inc.

Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference Thursday in Las Vegas. Those included software by AvaTrade Ltd. and IQ Option, according to the report. Software at E*Trade Financial Corp. and TD Ameritrade Holding Corp. stores trading data without encryption, the report found.

The largest brokers offer the best security, yet still have weaknesses, said Alejandro Hernandez, a senior security consultant and author of the report. The biggest firms have been responsive to IOActive’s findings and are fixing the issues, Hernandez said.

Rebecca Niiya, a TD Ameritrade spokeswoman, said the company investigates any reported vulnerabilities and has “already made progress in addressing the potential issues noted in the IOActive report.”

Representatives for E*Trade, AvaTrade and IQ Option didn’t have any comment or didn’t respond to emails seeking a response.

The analysis looked at desktop, mobile and website-based trading software and found the web platforms to be the most secure. Desktop applications were the least secure.

Using the same criteria, banking applications on all platforms are many times more secure than trading apps, Hernandez said. Retail investors could have a false sense of security because they probably equate their trading applications with their banking software, he said.

SPONSORED FINANCIAL CONTENT

You May Like

EDIT POST