Positive Technologies specialists, who develop software in the field of cybersecurity, conducted a study of the security of trading applications. The results were disappointing.
Applications through which millions of crypto market participants move their money have weak security, new research warns.
Cryptocurrency trading platforms, like ICO projects, have at least one vulnerability. The overall picture is one of an industry that has not implemented security measures proportional to the threat at hand.
Typically, the weakest point is in mobile trading applications. Of the six Android and five iOS apps in the study, all apps contained at least three vulnerabilities.
The most common weak point is data storage. 83% of applications provide the opportunity to conduct a phishing attack and gain access to confidential data.
In second place are security gaps that allow hackers to act on behalf of the user. Thanks to it, 33% of applications can help attackers manipulate the prices of crypto assets in their own interests.
Third place, 17% of all applications allow an attacker to change the information displayed on the device screen at their discretion. This display of false data will help a hacker show the price of Bitcoin as $20,000 or $30 to a specific user and back it up with altered charts of asset movements.
Research has shown the two most commonly used methods for hacking trading applications.
⁃ Malicious JavaScript code that automatically takes control of the computer and begins activity on the exchange instead of the trader. It is easy to use such a code when a trader uses the same password and login for all accounts and uses one device for trading and communicating on social networks.
⁃ Interception of network traffic. By connecting to the user's Wi-Fi, a hacker gets the opportunity to intercept and change Internet traffic, with weak communication channel protection, replace a request from a trader and perform any operation on his behalf.
Protection measures to ensure an acceptable level of security are basic and involve regularly updating devices, using only trusted sources for downloading information, and refusing devices with root rights or jailbreaks. It is not advisable to connect to public Wi-Fi networks for trading and open spam mailings..
You May Also Like
Belgium's financial regulator added 14 trading platforms to its list of suspected scams
The Financial Services and Markets Authority (FSMA) has added 14 new cryptocurrency platforms to its list of platforms believed to be fraudulent. The list of suspects now consists of 113 websites.
Researchers claim that 400,000+ MikroTik routers are infected
The MikroTik mining virus was first discovered in August in Brazil, but has since continued to spread throughout the world.
