Citigroup Discloses Security Flaw in Mobile Banking App
Citigroup recently notified its U.S. customers of a security flaw in its iPhone mobile banking application, which may have stored customer information including account numbers, bill payments and security access codes. The customer data was being saved in a hidden file on the user’s iPhone. If the user synced the iPhone with a PC, the banking information could also have been saved to that computer. Citigroup said it did not believe its customers’ personal information was accessed or used inappropriately and that this only affected iPhone users in the U.S. We commend Citigroup for staying on top of the problem, getting a fix out and appropriately notifying users. The Wall Street Journal first reported the news in an article today on Citigroup’s mobile banking iPhone app.
If you are a Citibank customer and have used the iPhone app, you should:
- Upgrade to the new version of their iPhone software
- Change your banking password
- Double check your bank account for any unusual behavior
This is only the beginning of a trend we’ve started to see with developers inadvertently exposing sensitive data. Mobile apps can expose more information than people realize.
Today’s news is very timely, as Lookout security researchers get ready to discuss security flaws of mobile apps at the Black Hat conference this week. More news to come, so stay tuned.

[...] Fargo, Bank of America and USAA’s Android apps are very similar to the security flaw announced by Citibank in July. The banking apps stored sensitive data on a phone’s memory which could be accessed by an [...]