Connect with us

Technology

IOACTIVE WARNS OF VULNERABILITIES IN 21 MOST POPULAR MOBILE TRADING APPS: HACKERS ABLE TO TRADE USERS’ STOCKS, STEAL MONEY AND ACCESS DATA

Published

on

IOACTIVE WARNS OF VULNERABILITIES IN 21 MOST POPULAR MOBILE TRADING APPS: HACKERS ABLE TO TRADE USERS’ STOCKS, STEAL MONEY AND ACCESS DATA

IOActive today released details of cybersecurity vulnerabilities found in many of the most popular mobile stock trading applications. The 21 apps tested have millions of users worldwide and process billions of dollars in transactions each year. IOActive has warned that the results of its tests thus far have proved trading app security to be much worse than personal banking apps tested in 2013 and 2015, and could allow malicious actors to trade a user’s stocks, steal their money, and gain insight into their net worth and investment strategy.

The test results, conducted by IOActive senior security consultant, Alejandro Hernandez, were outlined in a blog post published today. Key findings include:

  • 19 percent of apps expose user passwords in clear text, meaning an attacker with physical access to the device could easily log in to trade their stocks or steal money
  • 62 percent send sensitive data to log files and 67 percent store it unencrypted, allowing attackers with physical access to gain insight into a user’s net worth, investment strategy and balances
  • Two apps use unencrypted HTTP channels to transmit and receive data, and 13 of the apps that use HTTPS do not check the authenticity of the remote endpoint by verifying its SSL certificate – making it possible to perform man-in-the-middle attacks to eavesdrop and tamper with the app data via pub Wi-Fi hotspots
  • Three quarters (76 percent) of apps support fingerprint-reading as a security measure, which means they can be used by anyone that has their fingerprint registered to the device e.g. children or a spouse

“We have better security in the mobile apps used to check our bank balance and pay the gas bill than in the trading apps that transfer billions in shares and shape the financial market as we know it” said Hernandez. “The days of shouting on stock exchange trading floors are gone. Mobile devices and apps are the investment management tools of choice, but there is a major gap in security and understanding from both developers and users. Cybersecurity is not the first concern for people in the FinTech space, most of which are not technical, and nor are the people using the apps themselves. Most don’t know what’s sensitive and what needs to be properly secured. By comparison, it’s far easier to understand what constitutes sensitive information in a personal banking app, hence they are far better secured. Historically, security researchers have disregarded trading apps as well, probably because of a lack of understanding of money markets.”

In addition to fixing the vulnerabilities identified in these tests, Hernandez says that the industry has a responsibility to improve the maturity level of security in mobile trading apps, and that desktop/web platforms should also be tested and improved. In the blog post, Hernandez suggests that developers need to design new, more secure financial software; that brokerage firms should be required to perform regular internal audits; and that regulators should encourage brokers to implement safeguards for a better trading environment.

“As part of my research, I couldn’t find any recommended guidance for secure software development to educate brokers and FinTech companies on creating quality products,” continued Hernandez. “Regulators must do much more to encourage brokers to implement safeguards for a better trading environment and develop trading-specific guidelines for creating trading software. I wouldn’t discourage people using from using all mobile trading apps, but all security features should be enabled and apps must be used with an understanding of the potential risks involved. The stock market is not a casino where you magically get rich overnight. If you lack an understanding of how stocks or other financial instruments work, there is a high risk of losing money quickly. Cybersecurity has the same high stakes.

IOActive reached out to 13 of the brokerage firms whose trading apps presented some of the higher risks vulnerabilities, and has received two responses thus far. In total, 21 mobile trading applications were tested.

Technology

Hisham Itani and Resource Group Recognized in the 2020 Global Banking & Finance Awards®

Published

on

Hisham Itani and Resource Group Recognized in the 2020 Global Banking & Finance Awards® 1

Global Banking & Finance Review has awarded Hisham Itani the Chairman and CEO of Resource Group, Technology CEO of the Year Middle East 2020 in recognition of his vision, strategy and strong leadership that have contributed greatly to Resource Group’s success in winning the Most Innovative Holding Group Middle East 2020 in this Global Banking & Finance Awards®.

 

Resource Group is an investment group with a portfolio of diversified businesses that capitalizes on technology and human talent for value creation. The company has proven that it has gone the extra mile to develop innovative solutions aimed at improving people’s lives and helping Lebanon transition toward a knowledge-based economy. Global Banking and Financial Review, the renowned online and print magazine identified a number of areas that Resource Group has excelled. The company has been awarded Most Innovative Holding Group Middle East 2020, and Hisham Itani the Chairman and CEO, receives the award for Technology CEO of the Year Middle East 2020. Under his leadership, Resource Group has grown from a family security-printing business to a diversified international investment group, with a portfolio of companies across 10 sectors in over 75 countries.

Wanda Rich, editor Global Banking & Finance, said “Mr. Itani took the security printing business to another level and expanded into different technology verticals in an impressive list of success stories”. The list includes digital security, smartcard manufacturing, mobile value added solutions, cyber security and secure communication solutions, telecom infrastructure and managed services, elections supply chain services, lottery systems and operations, mobile and virtual reality games, among others.

Resource Group’s focus on technology has had a constructive and tangible impact on government automation and on citizen experience in target markets.

Editor Wanda Rich says “We are proud to offer Resource Group these prestigious awards and wish them continued success and growth into 2021 during these challenging economic times”.

Global Banking and Finance Review is a renowned online and print magazine. The magazine’s website alone receives over 7 million page views annually. Global Banking and Finance Review provides a balanced view with formative and independent news from the financial community. The Global Banking & Finance Awards® were created to recognize companies of all sizes that are prominent in particular areas of expertise and excellence within the global financial community. The awards are known throughout the global banking and financial community. They reflect the innovation, achievement, strategy, progressive and inspirational changes taking place within the financial sector.

Continue Reading

Technology

Bouncing back in 2021: Digital Transformation is no longer a choice as dependence on 5G, IoT and Data increases in society and business

Published

on

5G and Open Banking: Explosive growth or business as usual?

By Ivan Ericsson, Head of Quality Management, Expleo Group Limited

The global pandemic has put enormous strain on businesses and brought into sharp focus the importance of being agile, adaptable and able to increase the pace of innovation and change at short notice – catapulting technology right to the top of the agenda for many organisations.

As the economy works to get back on its feet, technology is only going to play a bigger role in our lives. At Expleo, as experts in digital transformation and the reliable implementation of technological innovations, we’ve outlined the biggest tech-driven trends that we expect to see in 2021 and beyond.

1)     “Digital transformation” no longer a choice

If the COVID-19 pandemic has taught businesses anything, it’s that they need to be poised to respond to abrupt market disruption at any moment, making digital transformation mandatory overnight.

With no room for delay, hugely complex corporations – that have historically been slow to adopt technology – have had to accelerate their reliance on technology just to keep afloat in recent months. Digital change, at speed, has become the norm.

Even last year, the idea of an unscheduled video conference call might put people on edge – now most of us wouldn’t think twice about calling a colleague over Teams or Zoom even for a 2-minute conversation. At the same time, social infrastructure has moved with the needs of its users, with telecoms giants strengthening and opening up networks so we can keep communicating despite social distancing.

There are now very few excuses left for operating in a non-digital way. All businesses need to be intelligent businesses that can change direction nimbly, with speed, confidence and composure. As we see more businesses putting this into practice, it’ll likely result in an increased number embracing and normalising some of the behaviours of tech-savvy giants like Apple and Amazon, who have no doubt thrived during this period.

Their success can largely be attributed to normalising an agile approach. By ensuring all applications have testing facilities built in – a “quality shadow” if you will – it allows for continuous improvements, and the ability to change direction quickly and confidently, when needed. This is particularly valuable today as the world becomes more fast-paced and increasingly unpredictable.

2)     Big data/AI/predictive analytics

We’re moving into a space where big data can be extracted from the most seemingly innocuous places. In a hyper-connected world, a move as simple as a dog walk could offer huge swathes of data to the right companies. Many businesses already realise the benefits of capturing and utilising big data, but not all have taken advantage of it. The businesses that move quickest are most likely to reap the rewards in a more impactful way than their ‘data shy’ competitors. Where data used to be a side effect of business operation, it is now the driving force.

As businesses begin to rely more heavily on data to make critical decisions, independent assurance becomes increasingly important to get those decisions right. Forward-thinking, data-driven organisations must therefore assure that the data is correct in the first place, to avoid giving businesses false confidence and risk them moving in the wrong direction – something that is rarely affordable in today’s competitive and fast-paced environment. If businesses are not 100% confident in assuring the quality and accuracy of their own data, they should look to a third party for support.

A key data trend we expect to see moving further into 2021 is the increased use of predictive analytics. At the moment, businesses will often use data analytics to give us insights into our past activities, or to tell us where we are right now. However, the real value lies in knowing where we are going and how we are going to get there. Data analytics will help to identify the optional levels that can be pulled to drive change and realise business benefit.

Secondly, as intuitive technology advances and becomes more accessible, we expect over the next 12 months to see companies of all sizes begin to adopt artificial intelligence (AI) to drive intelligent analytics. In this context, AI refers to various technologies that allow machines to learn, sifting through ‘messy’ big data in order to find and unlock valuable predictive insights into future events. This allows businesses to better adapt their strategy to likely future outcomes and get a head start in the market.

However, with this ever-increasing emphasis on data and data protection, ethical AI will have a more prominent role to play in 2021 and beyond. Protected, usable Data is a by-product of good data security and privacy measures; however, the public remain wary of how their data is being used, particularly after the fallout from Cambridge Analytica’s use of data to influence an election[1]. Businesses, therefore, must give their customers confidence that their data is secure and protected.

3)     Moral relevance/corporate altruism

Research shows that young people are increasingly researching and considering the ethics of brands they’re purchasing from. And it won’t be long before this attitude starts seeping into every other aspect of their lives, with more and more people wanting to work for what they consider to be “purpose-driven” businesses.

Talent is the lifeblood of any company, so for big corporations, many of whom were born to create profit, this could put them in a tricky position. They might already be influencing society in a positive way – but this is unlikely to have ever been their main goal.

Moving forward, however, all organisations will have to start thinking about the “Triple Bottom Line”. That means considering the environmental and social impact of your business, alongside your commercial imperative.

We’ll soon see a mindset switch across businesses, from ‘competing’ to ‘advancing’. Instead of wanting to be the “best,” the question will be, how can I better serve the world around me?

In line with this, businesses will have to start thinking more about how to use tech for good, as we’ve seen with the likes of Microsoft Teams connecting tens of millions of people every day, during this very dark time[2].

2021 is likely to bring even more inroads when it comes to using technology to improve society, whether it’s developing bespoke problem-solving technologies or using IT to ‘eco-proof’ existing sectors, the goal for businesses is to rise to this challenge and build a better future for people and the planet through the use of technology. But all organisations will continue to need to be able to justify technology use and prove that they’re using it ethically, and in a secure manner.

4)     5G new networks – just about all big trends are driven by/reliant upon faster networks – particularly relevant for a more distributed workforce

Greater access and utilisation of 5G networks across the country will underpin and accelerate all of the key trends discussed. Everything we do on our smart devices we can expect to do at higher speed, greater capacity and with lower lag times.

As our digital footprints extend beyond simple web browsing and into our daily lives through smart technology, we are creating huge amounts of data every minute. This vast flow of data is increasingly dependent on new high bandwidth networks to facilitate it. Therefore, the merging of technology and engineering will become critical in ensuring big data is carried successfully to drive analytics and drive business.

The fact we have managed to successfully work from home during COVID is a glowing recommendation for the quality of the networks as they exist today, and they will only get better.

The telecoms industry is already working overtime to ensure that people all over the country get reliable access to the internet – and the fact that there is still inequality in this area proves just how challenging this is. But, in line with this trend toward hyper automation, which will make data extraction and analysis a part of everyday life for businesses, the consolidation of tech and engineering will be ever more important.

Forward-thinking companies will look to incorporate 5G networks into their business strategy. This could be from an internal perspective to enhance the abilities of their remote workforce. Alternatively, this could relate to their own products or offerings – developing an internet of things (IoT) strategy, improve user experience, or bring products to market faster by analysing big data and adapting quicker. Either way, with increasingly improved networks, businesses are expected to take advantage of the huge increase in accessible and usable data.

Concluding comments:

For businesses to truly reap the benefits of these new technologies, they must be developed and adopted in the right way.

Quality assurance, trust and security are three key requirements that the technology of the future depends on to succeed. Having these requirements at the heart of any digital transformation will ensure that systems perform reliably, having been tested and assured.

By prioritising a seamless customer experience combined with an ability to create, test, and scale digital solutions and operationalise at pace, businesses will be in the best possible position to take advantage of the potential being unlocked by these new technologies.

Continue Reading

Technology

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution

Published

on

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution 2

SunTec’s GCC VAT compliance solution to help Ahli Bank automate end-to-end VAT compliance process, manage regulatory changes, and seamlessly integrate it with the existing IT ecosystem

SunTec, the world’s #1 relationship-based pricing and billing company and the provider of #1 GST and VAT compliance solution for Banks and Financial Services in GCC and India, has partnered with Ahli Bank, Oman, to provide its GCC VAT compliance solution.

The win is a landmark one for SunTec as it marks the 50th customer for its indirect taxation solution. SunTec has garnered 24 customers in India and this is the 26th customer in the Middle East to acquire the solution.

VAT is likely to be introduced in Oman in early 2021 and Ahli Bank has taken the proactive step of adopting a VAT compliance solution to ensure operational efficiency, enhance revenue, and augment customer experience.

Amit Dua, President – Client Facing Groups, SunTec, said, “We are delighted to partner with Ahli Bank, Oman in what marks a historic win, in their journey to ensure VAT compliance. We understand that the VAT landscape is evolving within the GCC, and therefore, our solution offers agility to respond to these changing regulatory requirements. With the Xelerate platform and GCC VAT compliance solution, Ahli Bank can digitize the entire VAT compliance process and comply with least number of changes to their existing technology infrastructure.”

He added, “VAT is a crucial step that the GCC countries have taken to implement tax regimes. It is imperative for banks and financial institutions to have a robust and scalable solution to accommodate their specific needs. Ahli Bank joins the list of more than 20 banks who have adopted our GCC VAT Compliance solution.  I’m proud to say that approximately 3 billion transactions per annum are processed through our GCC VAT/ GST compliance solution across our client base.”

Said Abdullah Al Hatmi, CEO at Ahli Bank, added: “It is extremely crucial for us to be ready for VAT compliance. We are very happy to partner with SunTec to deploy GCC VAT compliance solution. With SunTec we will have a single solution in place covering all aspects of VAT compliance and we will be future-proofed given that any future regulatory changes will be handled by the solution with ease.”

SunTec’s GCC VAT compliance solution based on the Xelerate platform will enable the bank to smoothly comply with GCC VAT regulations and manage potential regulatory changes with ease. The single end-to-end solution helps automate the entire VAT compliance process including centralized rule-based tax determination, input tax recovery, tax invoice, reconciliation, corrections, adjustments, statements, and regulatory reporting.

SunTec GCC VAT Compliance solution is architected to meet the unique needs of banks and financial services firms and can easily integrate with existing IT systems. The solution is designed to process all taxable transactions across business lines and applications, reduce cost of compliance, mitigate potential risk of compliance violations, penalties, and reputational risk.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

The Beaconsoft story and introducing its one-of-a-kind digital campaign intelligence platform 3 The Beaconsoft story and introducing its one-of-a-kind digital campaign intelligence platform 4
Interviews1 day ago

The Beaconsoft story and introducing its one-of-a-kind digital campaign intelligence platform

By Nigel Bridges, founding CEO of Beaconsoft Limited What were you doing prior to setting up Beaconsoft? Before setting up...

Top 8 Tax Scams to Watch Out For 5 Top 8 Tax Scams to Watch Out For 6
Finance2 days ago

Top 8 Tax Scams to Watch Out For

It is tax time and that means finding the best way to file your taxes and to get a refund...

Hisham Itani and Resource Group Recognized in the 2020 Global Banking & Finance Awards® 7 Hisham Itani and Resource Group Recognized in the 2020 Global Banking & Finance Awards® 8
Technology2 days ago

Hisham Itani and Resource Group Recognized in the 2020 Global Banking & Finance Awards®

Global Banking & Finance Review has awarded Hisham Itani the Chairman and CEO of Resource Group, Technology CEO of the...

Euro zone business activity shrank in January as lockdowns hit services 9 Euro zone business activity shrank in January as lockdowns hit services 10
Business2 days ago

Euro zone business activity shrank in January as lockdowns hit services

By Jonathan Cable LONDON (Reuters) – Economic activity in the euro zone shrank markedly in January as lockdown restrictions to...

Volkswagen's profit halves, but deliveries recovering 11 Volkswagen's profit halves, but deliveries recovering 12
Business2 days ago

Volkswagen’s profit halves, but deliveries recovering

BERLIN (Reuters) – Volkswagen reported a nearly 50% drop in its 2020 adjusted operating profit on Friday but said car...

Global chip shortage hits China's bitcoin mining sector 13 Global chip shortage hits China's bitcoin mining sector 14
Business2 days ago

Global chip shortage hits China’s bitcoin mining sector

By Samuel Shen and Alun John SHANGHAI/HONG KONG (Reuters) – A global chip shortage is choking the production of machines...

Iran's oil exports rise 'significantly' despite sanctions, minister says 15 Iran's oil exports rise 'significantly' despite sanctions, minister says 16
Business2 days ago

Iran’s oil exports rise ‘significantly’ despite sanctions, minister says

DUBAI/LONDON (Reuters) – Iran’s oil exports have climbed in recent months and its sales of petroleum products to foreign buyers...

Nissan to source more UK batteries as part of Brexit deal 'opportunity' 17 Nissan to source more UK batteries as part of Brexit deal 'opportunity' 18
Business2 days ago

Nissan to source more UK batteries as part of Brexit deal ‘opportunity’

By Costas Pitas LONDON (Reuters) – Nissan will source more batteries from Britain to avoid tariffs on electric cars after...

Muted recovery for UK retailers in December ends worst year on record 19 Muted recovery for UK retailers in December ends worst year on record 20
Business2 days ago

Muted recovery for UK retailers in December ends worst year on record

By David Milliken and Andy Bruce LONDON (Reuters) – British retailers struggled to recover in December from a partial coronavirus...

Chinese phone maker Honor partners with key chip suppliers after Huawei split 21 Chinese phone maker Honor partners with key chip suppliers after Huawei split 22
Business2 days ago

Chinese phone maker Honor partners with key chip suppliers after Huawei split

By David Kirton SHENZHEN, China (Reuters) – Chinese budget phone maker Honor said on Friday it had signed partnerships with...

Newsletters with Secrets & Analysis. Subscribe Now