Loophole alarm over stocks apps

Top News | Michelle Li 4 Aug 2017

There's a high chance of your bank account information getting stolen if you're investing in stocks using trading apps on your Android mobile phones or tablets, warns a private firm that conducted a study into app security.

Mobile Security Research Lab's study, from April to July, subjected 140 selected stock trading apps to 25 security tests.

Most of the apps - 86 percent - failed to make it past the top five criteria. Only four apps passed.

The gaping lack of security can mean dire consequences for users, including hackers gaining access to bank account information and even allowing them to transfer money from the users' accounts.

Hong Kong has one of the world's largest growing stock markets, with daily turnover up nearly 20 percent to HK$103.3 billion three days ago. It marked the first time since June 9 when daily turnover exceeded HK$100 billion.

However, the uptrend has been accompanied by a steady increase in attacks on stock trading apps, the Hong Kong Computer Emergency Response Team Coordination Centre said.

It said 6,058 attacks were made in 2016, up 23 percent from 2015.

For more than 18 months to March 2015, cyber security incidents cost more than HK$110 million, including an "extreme case" of unauthorized transactions involving HK$2 million.

"Many app developers are unaware of the basic security principles in encryption and digital certification," said Paul Chow Chi-fai, a security researcher for the Lab.

"I sincerely hope developers prioritize improving the security level of their apps."

Those vulnerable to reverse engineering - the widest loophole by far - comprised an alarming 98 percent of the apps.

The loophole allows hackers to "reverse" the app back to its original source code to extract an encryption key that can be used to unlock user data that is supposed to protected by the same key.

Wireless Technology Industry Association honorary chairman John Chiu Chi-yeung said since apps have become a part of people's daily lives, developers should ensure the safety of their consumers' personal information.

For better protection, investors should use mobile data instead of a Wi- Fi connection when making transactions and installing adequate anti-virus software, said Professional Information Security Association vice chairman Frankie Wong Sze-ming.

The Lab is a member of WTIA, a non-profit association established in 2001 that is dedicated to the wireless and mobile industry.

Search Archive

Advanced Search
May 2021

Today's Standard