Citi Mobile iPhone banking app contained security flaw

Citi Mobile App

Citigroup has confirmed that previous versions of its mobile banking application – Citi Mobile – for the Apple iPhone, contained a security flaw that caused it to save private information, such as account numbers, bill payments and security access codes, in a hidden file on users’ devices. Once saved to the hidden file, an attacker with physical access to the phone could access a victim’s information by connecting the Apple smartphone to a Mac or PC and gaining access to the device’s file system. It’s also believed that, once synced to a user’s computer via iTunes – which automatically backs up devices –, an attacker could gain access to the sensitive information from the locally stored backup file.

According to a report by The Wall Street Journal, the flaw affected approximately 117,600 registered iPhone app users. A Citi representative told the news outlet that it has “no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone”.

The iPhone App, launched in March of 2009, provides access to a number of services for users with Citi accounts, ranging from balance enquiries and accessing their credit cards, to paying bills and transferring money while away from their computers. The latest 2.0.3 release (iTunes link) of Citi Mobile from the 19th of July addresses the issue and also contains several bug fixes. All previous versions are reportedly vulnerable and all users are advised to upgrade as soon as possible.

Source.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: