Positive Technologies specialists, who develop software in the field of cybersecurity, conducted a study of the security of trading applications. The results were disappointing.
Applications through which millions of crypto market participants move their money have weak security, new research warns.
Cryptocurrency trading platforms, like ICO projects, have at least one vulnerability. The overall picture is one of an industry that has not implemented security measures proportional to the threat at hand.
Typically, the weakest point is the mobile trading application. All six Android and five iOS apps in the study contained at least three vulnerabilities.
The most common weak point is data storage. 83% of applications make it possible to conduct a phishing attack and gain access to confidential data.
In second place are security gaps that allow hackers to act on behalf of the user. Because of these gaps, 33% of applications can help attackers manipulate the prices of crypto assets in their own interests.
In third place, 17% of all applications allow an attacker to change the information displayed on the device screen at their discretion. Displaying false data lets a hacker show a specific user a Bitcoin price of $20,000 or $30 and back it up with altered charts of asset movements.
The research identified the two most commonly used methods for hacking trading applications:
⁃ Malicious JavaScript code that automatically takes control of the computer and begins activity on the exchange instead of the trader. Such code is easy to use when a trader uses the same login and password for all accounts and uses one device for both trading and communicating on social networks.
⁃ Interception of network traffic. By connecting to the user's Wi-Fi, a hacker can intercept and change Internet traffic and, where the communication channel is weakly protected, replace a request from a trader and perform any operation on his behalf.
The protection measures that ensure an acceptable level of security are basic: regularly updating devices, using only trusted sources for downloads, and avoiding devices with root rights or jailbreaks. It is also inadvisable to connect to public Wi-Fi networks for trading or to open spam mailings.
