While many banking application developers have made great strides in hardening their software against attacks, much of the rest of the fintech application field is wide open for ownage through very basic but severe vulnerabilities reminiscent of the kind we saw nearly a decade ago.
Next month at Black Hat USA, a researcher from IOActive will detail some stark examples of this during a presentation that will show the depth of the flaws present in stock-trading platforms used by millions of traders around the globe.
“When I’m testing a web platform or mobile platform, it is as if I’m testing an application from 2010 or 2012,” says Alejandro Hernandez, senior consultant for IOActive. The talk is a follow-on to initial research he presented last year on a limited number of mobile-trading applications. This year, he expanded the scope to desktop, web application, and mobile-trading software offered by a wide range of financial institutions.