'Citi Mobile' Updated to Address Security Flaw

[MacRumors]

The Wall Street Journal reports that financial behemoth Citigroup today revealed that a security flaw had been discovered in its Citi Mobile application for the iOS platform, a flaw that was patched in an update to the application released last week.

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.

The information may also have been saved to a user's computer if they synced their iPhone with a PC.

According to the report, there is no evidence that information could be or has been accessed by hackers, but nevertheless the company issued an update to the application last week that addresses the issue. While the update's App Store description does not specifically address the security risk, it does call the update a "mandatory upgrade" and notes that it contains security enhancements. The company also notified customers by letter on July 20th.

The application has seen three other revisions since its March 2009 introduction, and it is unclear whether the security issue has been present in all versions or if it was introduced sometime after the initial release.

Article Link: 'Citi Mobile' Updated to Address Security Flaw

 

[niuniu]

Does anyone bank with Citi?

Is their online banking any good?

 

[Mlrollin91]

Does anyone bank with Citi?

Is there online banking any good?

I like BOFA online banking better. (Have both) but BOFA's app is literally crap.

 

[blasto333]

I think chase has the best online banking and mobile app.

 

[citi]

you're welcome.

 

[niuniu]

you're welcome.

 

[Prenvo]

"In an incident that highlights the growing security challenges around wireless apps"

Sigh.

 

[BVGuitarPlayer]

So in other words, I get the old app, find where the file is stored, and scan AT&T IPs for jailbroken iPhones with default ssh passwords of people who are too lazy to update apps. Sounds reasonable to me.

Way to go Citi. Way to go employers. Way to go economy. I have a BSBA in MIS from the second best program in the US: Eller College of Management and I can't get a job despite sending over 100 applications with unique cover letters and professionally reviewed resumes, great experience and excellent interview skills. Seriously. That's messed up.

Am I really going to have to go grey hat to get a job as an IT guy?

 

[mrathee]

flawed

This seems like a fairly large flaw - it isn't as if the coders behind the app didn't notice that it was creating a file with all this information. they probably created the thread that did it..

even if it was a cache file for "quick launches" or whatever other bs they can come up with, thats just flat out stupid.

things like this spur the "i dont trust the internet with my personal information" crazies.

*note: i am not one of the aformentioned crazies. sometimes i just give out my banking info for fun.

 

[Corey213]

I have this App so I can check my account info. I did notice that somehow my email changed though. No fraudulent charges yet so I should be good.



And to answer somebody's question. Citi has great online banking. I haven't used chase so I cannot compare it but I am pleased with Citi

 

[eastercat]

This kind of idiocy is why I avoid online banking on the phone. At least with my computer this is less likely to happen--unless I screw up through my own idiotic behavior.

 

[martinapinto]

Nice post. I enjoy this post gorgeously with all of my friends. Really nice.
thanks.

Good information here. I really enjoy reading them every day. I've learned a lot from them.

Buy Car Insurance