Security in proprietary financial application stacks is something the security community rarely talks about. Whether because it's difficult to obtain access to such setups or because they are not in widespread use, basic security issues in such platforms have mostly flown under the radar.
Today, we would like to share the slides from our PacSec 2013 talk on the state of affairs in proprietary FOREX trading platforms. In our research, we discovered several vulnerabilities and design issues in the way MetaQuotes MetaTrader 4 and FXCM’s Trading Station (and SDK) communicate over the internet, transmit credentials and authenticate to their respective services.
The slides can be downloaded from here. Thanks to everyone who attended, gave us feedback and bought us beer!