Got a tip for us? Share it...
RSS

'Citi Mobile' Updated to Address Security Flaw

Monday July 26, 2010 10:33 am PDT by Eric Slivka

The Wall Street Journal reports that financial behemoth Citigroup today revealed that a security flaw had been discovered in its Citi Mobile application for the iOS platform, a flaw that was patched in an update to the application released last week.

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.

The information may also have been saved to a user's computer if they synced their iPhone with a PC.

According to the report, there is no evidence that information could be or has been accessed by hackers, but nevertheless the company issued an update to the application last week that addresses the issue. While the update's App Store description does not specifically address the security risk, it does call the update a "mandatory upgrade" and notes that it contains security enhancements. The company also notified customers by letter on July 20th.

The application has seen three other revisions since its March 2009 introduction, and it is unclear whether the security issue has been present in all versions or if it was introduced sometime after the initial release.
[ 11 comments ]

Top Rated Comments

(View all)

Avatar
niuniu
Posted: 24 months ago
Does anyone bank with Citi?

Is their online banking any good?
Rating: 0 Positives / 0 Negatives
Avatar
Mlrollin91
Posted: 24 months ago

Does anyone bank with Citi?

Is there online banking any good?


I like BOFA online banking better. (Have both) but BOFA's app is literally crap.
Rating: 0 Positives / 0 Negatives
Avatar
blasto333
Posted: 24 months ago
I think chase has the best online banking and mobile app.
Rating: 0 Positives / 0 Negatives
Avatar
citi
Posted: 24 months ago
you're welcome.

:D:D
Rating: 0 Positives / 0 Negatives
Avatar
niuniu
Posted: 24 months ago

you're welcome.

:D:D


:D
Rating: 0 Positives / 0 Negatives
Avatar
Prenvo
Posted: 24 months ago
"In an incident that highlights the growing security challenges around wireless apps"

Sigh.
Rating: 0 Positives / 0 Negatives
Avatar
BVGuitarPlayer
Posted: 24 months ago
So in other words, I get the old app, find where the file is stored, and scan AT&T IPs for jailbroken iPhones with default ssh passwords of people who are too lazy to update apps. Sounds reasonable to me.

Way to go Citi. Way to go employers. Way to go economy. I have a BSBA in MIS from the second best program in the US: Eller College of Management and I can't get a job despite sending over 100 applications with unique cover letters and professionally reviewed resumes, great experience and excellent interview skills. Seriously. That's messed up.

Am I really going to have to go grey hat to get a job as an IT guy?
Rating: 0 Positives / 0 Negatives
Avatar
mrathee
Posted: 24 months ago
This seems like a fairly large flaw - it isn't as if the coders behind the app didn't notice that it was creating a file with all this information. they probably created the thread that did it..

even if it was a cache file for "quick launches" or whatever other bs they can come up with, thats just flat out stupid.

things like this spur the "i dont trust the internet with my personal information" crazies.

*note: i am not one of the aformentioned crazies. sometimes i just give out my banking info for fun.
Rating: 0 Positives / 0 Negatives
Avatar
Corey213
Posted: 24 months ago
I have this App so I can check my account info. I did notice that somehow my email changed though. No fraudulent charges yet so I should be good.



And to answer somebody's question. Citi has great online banking. I haven't used chase so I cannot compare it but I am pleased with Citi
Rating: 0 Positives / 0 Negatives
Avatar
eastercat
Posted: 24 months ago
This kind of idiocy is why I avoid online banking on the phone. At least with my computer this is less likely to happen--unless I screw up through my own idiotic behavior.
Rating: 0 Positives / 0 Negatives

[ Read All Comments ]