Citi Discloses Security Flaw in Its iPhone App

Viewing 3 reply threads
  • Author
    Posts
    • #5390
      morpheus063
      Participant

      Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.’s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem.

      In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users’ iPhones. The information may also have been saved to a user’s computer if it had been synched with an iPhone.

      Read more about it here

    • #34077
      hayabusa
      Participant

      ‘accidentally saved information’

      I’m sorry… as big as Citigroup is, and with all of the attention they’re already getting, it’s ridiculous that someone hadn’t tested and seen this, previously.  When you’re dealing with portable devices, and banking industry security, standards and regulations, IMHO there’s absolutely NO excuse for this type of ‘accidental oversight.’

      Said programmers should be ‘accidentally’ let go…

    • #34078
      Knb15
      Participant

      “The bank doesn’t believe any personal data was exposed by the flaw.”

      “We have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone,”

      In addition to what hayabusa said, i really doubt that during the time that this app has been released and now, that no one else found this vulnerability and perhaps accessed or used it.

    • #34079
      yatz
      Participant

      @hayabusa wrote:

      ‘accidentally saved information’

      I’m sorry… as big as Citigroup is, and with all of the attention they’re already getting, it’s ridiculous that someone hadn’t tested and seen this, previously.  When you’re dealing with portable devices, and banking industry security, standards and regulations, IMHO there’s absolutely NO excuse for this type of ‘accidental oversight.’

      Said programmers should be ‘accidentally’ let go…

      I was thinking the same thing when I read the article.  How can the data be accidentally saved?

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?