In association with heise online

27 July 2010, 13:30

Citi Mobile iPhone banking app contained security flaw


The Citi Mobile iPhone application gives users access to their accounts on the go.
Source: Citigroup
Citigroup has confirmed that previous versions of Citi Mobile, its mobile banking application for the Apple iPhone, contained a security flaw that caused the app to save private information, such as account numbers, bill payments and security access codes, in a hidden file on users' devices. Once the information was saved to the hidden file, an attacker with physical access to the phone could read it by connecting the Apple smartphone to a Mac or PC and gaining access to the device's file system. It's also believed that, once the device was synced to a user's computer via iTunes (which automatically backs up devices), an attacker could gain access to the sensitive information from the locally stored backup file.

According to a report by The Wall Street Journal, the flaw affected approximately 117,600 registered iPhone app users. A Citi representative told the news outlet that it has "no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone".

The iPhone app, launched in March of 2009, provides access to a number of services for users with Citi accounts, ranging from balance enquiries and accessing their credit cards, to paying bills and transferring money while away from their computers. The latest 2.0.3 release of Citi Mobile from the 19th of July addresses the issue and also contains several bug fixes. All previous versions are reportedly vulnerable and all users are advised to upgrade as soon as possible.

