Popular Financial Trading Apps

Security researcher Alejandro Hernández of IOActive recently analyzed 21 of the most popular mobile financial trading apps currently available on the App Store and Google Play Store and discovered several serious vulnerabilities including the exposure of unencrypted, cleartext passwords and the transmission and storage of unencrypted sensitive trading data. Additionally, many of the apps were not able to detect a rooted environment on the device, did not validate SSL certificates, and some were even vulnerable to cross-site scripting (XSS) attacks. Exploitation of these vulnerabilities could result in unauthorized access to victims’ financial or trading accounts and the theft of sensitive personal and financial information. The NJCCIC recommends users of popular financial trading apps review the IOActive report and be mindful of the potential risks when downloading and using these apps, implement multi-factor authentication where available, and monitor accounts for suspicious activity.