.

Citi Discloses Security Flaw in Its iPhone App

<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Jul 26, 2010 10:53 pm

Citi Discloses Security Flaw in Its iPhone App

Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.'s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem.

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users' iPhones. The information may also have been saved to a user's computer if it had been synched with an iPhone.


Read more about it here
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jul 27, 2010 7:23 am

Re: Citi Discloses Security Flaw in Its iPhone App

'accidentally saved information'

I'm sorry... as big as Citigroup is, and with all of the attention they're already getting, it's ridiculous that someone hadn't tested and seen this, previously.  When you're dealing with portable devices, and banking industry security, standards and regulations, IMHO there's absolutely NO excuse for this type of 'accidental oversight.'

Said programmers should be 'accidentally' let go...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Knb15

Jr. Member
Jr. Member

Posts: 50

Joined: Tue Feb 23, 2010 10:18 am

Post Tue Jul 27, 2010 9:54 am

Re: Citi Discloses Security Flaw in Its iPhone App

"The bank doesn't believe any personal data was exposed by the flaw."

"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone,"

In addition to what hayabusa said, i really doubt that during the time that this app has been released and now, that no one else found this vulnerability and perhaps accessed or used it.
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Tue Jul 27, 2010 10:57 am

Re: Citi Discloses Security Flaw in Its iPhone App

hayabusa wrote:'accidentally saved information'

I'm sorry... as big as Citigroup is, and with all of the attention they're already getting, it's ridiculous that someone hadn't tested and seen this, previously.  When you're dealing with portable devices, and banking industry security, standards and regulations, IMHO there's absolutely NO excuse for this type of 'accidental oversight.'

Said programmers should be 'accidentally' let go...


I was thinking the same thing when I read the article.  How can the data be accidentally saved?
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software