Money Watch – Personal Finance Blog

Citigroup Admits Security Flaw In iPhone App

Citi mobile

US bank Citigroup has admitted that it has a security flaw in its iPhone app and is urging its users to upgrade to the latest version.

The problematic version of the Citi Mobile app saved a hidden file to the users iPhone which included account numbers and crucially login codes which could potentially be accessed by a third party, which would be most likely if they had physical access to the iPhone, but it could potentially be accessed by a rogue app. The file could also be transferred onto a user’s computer if they synchronised the two devices, leaving a further copy sitting around.

Whilst Citigroup say that they’re not aware of any breaches of security because of the flaw, they’ve moved to update the app following a “routine security review”, and the new app deletes the file and prevents any more hidden files being created. It’s thought that nearly 120,000 users will need to update the app.

Security

As the development of mobile banking gathers apace, it’s important that security is kept at the forefront of the developments. It looks as if Citigroup may have added some of their own code to the app, which was developed by a company called mFoundry, who have developed apps for 150 other banks, none of which have had any similar problems.

The Citigroup app allows customers to check their balances, transfer funds and pay bills, and was 11th on the US iTunes chart for finance apps. It’s likely to hit the top of that chart as users rush to download the safe version of the app.

Exit mobile version