PDA

View Full Version : 'Citi Mobile' Updated to Address Security Flaw




MacRumors
Jul 26, 2010, 12:43 PM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/iphone/2010/07/26/citi-mobile-updated-to-address-security-flaw/)


http://images.macrumors.com/article/2010/07/26/134022-citi_mobile_icon.jpg

The Wall Street Journal reports (http://online.wsj.com/article/SB10001424052748703700904575391273536355324.html) that financial behemoth Citigroup today revealed that a security flaw had been discovered in its Citi Mobile (http://appshopper.com/finance/citi-mobile-sm) application for the iOS platform, a flaw that was patched in an update to the application released last week.In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.

The information may also have been saved to a user's computer if they synced their iPhone with a PC.According to the report, there is no evidence that information could be or has been accessed by hackers, but nevertheless the company issued an update to the application last week that addresses the issue. While the update's App Store description does not specifically address the security risk, it does call the update a "mandatory upgrade" and notes that it contains security enhancements. The company also notified customers by letter on July 20th.

The application has seen three other revisions since its March 2009 introduction, and it is unclear whether the security issue has been present in all versions or if it was introduced sometime after the initial release.

Article Link: 'Citi Mobile' Updated to Address Security Flaw (http://www.macrumors.com/iphone/2010/07/26/citi-mobile-updated-to-address-security-flaw/)



niuniu
Jul 26, 2010, 12:45 PM
Does anyone bank with Citi?

Is their online banking any good?

Mlrollin91
Jul 26, 2010, 12:46 PM
Does anyone bank with Citi?

Is there online banking any good?

I like BOFA online banking better. (Have both) but BOFA's app is literally crap.

blasto333
Jul 26, 2010, 01:28 PM
I think chase has the best online banking and mobile app.

citi
Jul 26, 2010, 01:43 PM
you're welcome.

:D:D

niuniu
Jul 26, 2010, 01:45 PM
you're welcome.

:D:D

:D

Prenvo
Jul 26, 2010, 06:37 PM
"In an incident that highlights the growing security challenges around wireless apps"

Sigh.

BVGuitarPlayer
Jul 26, 2010, 07:29 PM
So in other words, I get the old app, find where the file is stored, and scan AT&T IPs for jailbroken iPhones with default ssh passwords of people who are too lazy to update apps. Sounds reasonable to me.

Way to go Citi. Way to go employers. Way to go economy. I have a BSBA in MIS from the second best program in the US: Eller College of Management and I can't get a job despite sending over 100 applications with unique cover letters and professionally reviewed resumes, great experience and excellent interview skills. Seriously. That's messed up.

Am I really going to have to go grey hat to get a job as an IT guy?

mrathee
Jul 27, 2010, 11:23 AM
This seems like a fairly large flaw - it isn't as if the coders behind the app didn't notice that it was creating a file with all this information. they probably created the thread that did it..

even if it was a cache file for "quick launches" or whatever other bs they can come up with, thats just flat out stupid.

things like this spur the "i dont trust the internet with my personal information" crazies.

*note: i am not one of the aformentioned crazies. sometimes i just give out my banking info for fun.

Corey213
Jul 27, 2010, 11:54 AM
I have this App so I can check my account info. I did notice that somehow my email changed though. No fraudulent charges yet so I should be good.



And to answer somebody's question. Citi has great online banking. I haven't used chase so I cannot compare it but I am pleased with Citi

eastercat
Aug 1, 2010, 02:44 PM
This kind of idiocy is why I avoid online banking on the phone. At least with my computer this is less likely to happen--unless I screw up through my own idiotic behavior.

martinapinto
Aug 4, 2010, 05:03 AM
Nice post. I enjoy this post gorgeously with all of my friends. Really nice.
thanks.

Good information here. I really enjoy reading them every day. I've learned a lot from them.

Buy Car Insurance (http://www.buycarinsonline.com)