Once mobile online trading platforms become popular, the nature of the cyber-crime scene will most likely change, according to an Internet security expert.
It is just a matter of time before Internet crime, which has mostly targeted personal computers, expands to the mobile platform, according to McAfee Labs Technical Product Manager Vinoo Thomas, who spoke to The Economic Times.
Thomas outlined the possible threats to traders who use mobile platforms, including denial of service attacks, session hijacking, cross-site scripting and SQL injection.
When a lot of data is sent around the same time, systems are likely to slow down and block access to thousands of users, as seen with a DoS attack, Thomas said. This is particularly crucial in trading sessions, where the price of stocks can fluctuate by the minute, he added.
With session hijacking, the hacker can eavesdrop or pose as the legitimate user. If session hijacking takes place during an online stock trade, it can be dangerous because the details of the transaction are compromised. It could also mean the customer is dealing with a hacker, not his trader, Thomas told The Economic Times.
Cross-site scripting occurs when hackers trick the user into running code, allowing the crook to obtain a copy of the cookie or perform other operations. Via cross-site scripting, attackers insert malicious content into a website with which the user is familiar. The user may click on the link from another website or an email. Potential outcomes include account hijacking, changing of user settings, cookie theft/poisoning and false advertising, Thomas said.
SQL injection allows attackers to insert their own instructions, he said. They download malware onto users’ computers and redirect them to a spoofed website. This technique works by exploiting flaws in websites that have databases running behind them, allowing attackers to get a general idea of the layout of the database. They then add their own malicious content, which is later presented to unsuspecting users of the compromised site, Thomas explained.