Security holes found in online stock trading platforms

Security holes found in online stock trading platforms

A new report finding security holes in digital trading platforms is a sharp reminder of one downside associated with our Digital Lifestyle investing theme. While most tend to take it for granted the ease of shopping or in this case trading or at least buying and selling stocks, mutual funds, and ETFs online, few are likely pondering the inherent risks when they doing so, especially at a Starbucks or another public access Wi-Fi network.

The report also shows that better security measures need to be instilled to protect sensitive information in consumer accounts and that spending is a positive incremental driver for our Safety & Security investing theme.

 

A new report from Alejandro Hernández, a security consultant at IOActive, found that nearly all of the 40 major online trading platforms he investigated had at least some form of vulnerability. While they range widely in severity and scope, the overall picture is of an industry that has not taken security measures proportional to the sensitive information involved.

Hernández analyzed 16 desktop applications, 34 mobile apps, and 30 websites, comprising 40 trading platforms in all. That includes major legacy players like Fidelity and Charles Schwab, mobile-first upstarts like Robinhood, and less common names like Kraken and Poloniex. And while some companies, like Schwab and Merrill Edge, earned mostly high marks for their security hygiene, the overall picture seems bleak.

Well over half of the desktop applications Hernández examined, for instance, transmitted at least some data—things like balances, portfolios, and personal information—unencrypted. That leaves traders vulnerable to a potential attack from someone on the same Wi-Fi network, who could observe that information and potentially intercept and alter it using a fairly straightforward man-in-the-middle attack.

Also troubling: Several mobile apps and a handful of desktop applications stored passwords unencrypted locally, or sent them to logs in plain text.

Source: Online Stock Trading Has Serious Security Holes | WIRED

About the Author

Chris Versace, Chief Investment Officer
I'm the Chief Investment Officer of Tematica Research and editor of Tematica Investing newsletter. All of that capitalizes on my near 20 years in the investment industry, nearly all of it breaking down industries and recommending stocks. In that time, I've been ranked an All Star Analyst by Zacks Investment Research and my efforts in analyzing industries, companies and equities have been recognized by both Institutional Investor and Thomson Reuters’ StarMine Monitor. In my travels, I've covered cyclicals, tech and more, which gives me a different vantage point, one that uses not only an ecosystem or food chain perspective, but one that also examines demographics, economics, psychographics and more when formulating my investment views. The question I most often get is "Are you related to…."

Comments are closed.