'Citi Mobile' Updated to Address Security Flaw

Monday July 26, 2010 11:33 AM PDT by Eric Slivka

The Wall Street Journal reports that financial behemoth Citigroup today revealed that a security flaw had been discovered in its Citi Mobile application for the iOS platform, a flaw that was patched in an update to the application released last week.

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.

The information may also have been saved to a user's computer if they synced their iPhone with a PC.

According to the report, there is no evidence that information could be or has been accessed by hackers, but nevertheless the company issued an update to the application last week that addresses the issue. While the update's App Store description does not specifically address the security risk, it does call the update a "mandatory upgrade" and notes that it contains security enhancements. The company also notified customers by letter on July 20th.

The application has seen three other revisions since its March 2009 introduction, and it is unclear whether the security issue has been present in all versions or if it was introduced sometime after the initial release.

11 comments