Stock trading apps rife with security problems, says new research


Top stock-trading mobile apps have security problems that are easy to uncover and exploit, to the point that they could be used to hijack accounts or profile victims for other types of crime, according to new research.

Alejandro Hernandez at IOActive looked at 21 top trading apps, including TD Ameritrade, Charles Schwab, E-Trade, Fidelity and others.

“It’s certainly worse than I was expecting,” he told The Hill.

Twelve of the 21 apps did not validate the security certificate for, making it possible for an attacker to eavesdrop or even alter logins or transactions.

Two did not use encryption at all.

All but one of the apps would operate on a phone that had been “rooted,” meaning that core permissions for who could have full access to the phone. Banking apps commonly will not operate on rooted phones.

Many apps saved passwords and account data in unencrypted text on the phone, placed data that should be kept secret into the source code in ways attackers could find, or contained other security flaws.

Hernandez said he did not initially set out to make this a formal research project. Instead, he originally just intended to test the app he used for his own investments.