Trading Apps Expose Investors to Cyber Criminals, Report Finds

Be careful which app you use to trade.

Trading apps are everywhere one looks – from iPhone to Android – and in use almost everywhere from homes to mass transit to Starbucks. But are they safe and hacker-proof?

Are you checking your phone right now?

Dozens of applications used for online trading by retail investors have cybersecurity vulnerabilities, some of which could lead to hackers siphoning funds from account holders, according to security consultant IOActive Inc.

As first reported in Bloomberg/Quint, Ten of the 80 applications tested over a one-year period store passwords of subscribers without encryption, a flaw that could lead to funds being stolen, IOActive reported at the Black Hat cybersecurity conference two weeks ago in Las Vegas. Those included software by AvaTrade Ltd. and IQ Option, according to the report. Software at E*Trade Financial Corp. and TD Ameritrade Holding Corp. stores trading data without encryption, the report found.

The largest brokers offer the best security, yet still have weaknesses, said Alejandro Hernandez, a senior security consultant and author of the report. The biggest firms have been responsive to IOActives findings and are fixing the issues, Hernandez said.

In speaking to Bloomberg/Quint, Rebecca Niiya, a TD Ameritrade spokeswoman, said the company investigates any reported vulnerabilities and has already made progress in addressing the potential issues noted in the IOActive report.

Representatives for E*Trade, AvaTrade and IQ Option didnt have any comment or didnt respond to emails seeking a response.

The IQ Option report looked at desktop, mobile and website-based trading software and found the web platforms to be the most secure. Desktop applications were the least secure.