Security Consultant Says Stock Trading Apps Insecure

The Associated Press
AP Photo/Mark Lennihan

On Thursday, at the Black Hat cybersecurity conference in Las Vegas, IOActive Inc. outlined the vulnerabilities of many popular investment apps.

The cybersecurity firm has issued a warning about the dangers of online trading applications, based on extensive research by senior security consultant Alejandro Hernandez. “The advent of electronic trading platforms and networks has made exchanging financial securities easier and faster than ever,” Hernandez wrote, “but this comes with inherent risks.”

Some of those risks are more readily apparent than others. In fact, ten out of the 80 tested stock trading apps do not even bother to encrypt the user’s password. Lacking even that elementary shield, individuals hoping to make their money grow could all too easily find it missing altogether.

Even the largest electronic brokers have their weaknesses, though many have already begun shoring them up in the wake of these findings. TD Ameritrade was found to store trading data without encryption, but spokeswoman Rebecca Niiya said that the company has “already made progress in addressing the potential issues noted in the IOActive report.”

It seems nearly impossible to get companies to proactively protect their users without being forced to do so, but the raft of changes taking place is a step in the right direction. In the meantime, Hernandez’ investigation should help informed traders to approach their online transactions with appropriate wariness—and know who they can trust.


Please let us know if you're having issues with commenting.