Positive Technologies specialists, who develop software in the field of cybersecurity, conducted a study of the security of trading applications. The results were disappointing.
Applications through which millions of crypto market participants move their money have weak security, new research warns.
Cryptocurrency trading platforms, like ICO projects, have at least one vulnerability. The overall picture is one of an industry that has not implemented security measures proportional to the threat at hand.
Typically, the weakest point is in mobile trading applications. Of the six Android and five iOS apps in the study, all apps contained at least three vulnerabilities.
The most common weak point is data storage. 83% of applications provide the opportunity to conduct a phishing attack and gain access to confidential data.
In second place are security gaps that allow hackers to act on behalf of the user. Thanks to it, 33% of applications can help attackers manipulate the prices of crypto assets in their own interests.
Third place, 17% of all applications allow an attacker to change the information displayed on the device screen at their discretion. This display of false data will help a hacker show the price of Bitcoin as $20,000 or $30 to a specific user and back it up with altered charts of asset movements.
Research has shown the two most commonly used methods for hacking trading applications.
⁃ Malicious JavaScript code that automatically takes control of the computer and begins activity on the exchange instead of the trader. It is easy to use such a code when a trader uses the same password and login for all accounts and uses one device for trading and communicating on social networks.
⁃ Interception of network traffic. By connecting to the user's Wi-Fi, a hacker gets the opportunity to intercept and change Internet traffic, with weak communication channel protection, replace a request from a trader and perform any operation on his behalf.
Protection measures to ensure an acceptable level of security are basic and involve regularly updating devices, using only trusted sources for downloading information, and refusing devices with root rights or jailbreaks. It is not advisable to connect to public Wi-Fi networks for trading and open spam mailings..
You May Also Like
Cryptocurrency fraudster trader jailed for a year and a half in Arizona
Joseph Kim, 24, of Phoenix, Arizona, was sentenced to 15 months in prison for cryptocurrency fraud, according to the Illinois State Attorney's Office. In particular, he stole Bitcoin and Litecoin coins worth about $600,000 from a former employer and $545,000 from his own acquaintances.
Fake Trezor One hardware wallets flood the market
Hardware wallet maker TREZOR is warning that one of its models, the Trezor One, has been cloned and resold on secondary markets. The manufacturer of the Trezor One imitation devices is not known to the company, but they are very similar to the original ones.
