Mac News: Mobile Security: Citigroup Upgrades Careless iPhone Banking App

Citigroup Upgrades Careless iPhone Banking App

By Sidney Hill
MacNewsWorld
07/27/10 10:12 AM PT

Sensitive personal banking information was basically left lying around due to a flaw in Citigroup's iPhone app. The bank maintains that no one suffered any loss and that there was no "data breach," even though anyone who picked up an iPhone using the app -- or a computer that had been synched with it -- could have accessed "secret" files containing the information. Citi has released a secure upgrade.

Rewriting the Startup Handbook
Starting up a new software company is not very hard, but making it successful requires a willingness to remake old rules to fit the Internet age. Getting venture capital or angel investor funds starts with nailing your story. [Download PDF: 5 pgs | 162k]

Citigroup (NYSE: C) customers who do mobile banking on an iPhone should head to the Apple (Nasdaq: AAPL) App Store immediately for an upgrade.

A flaw in the Citigroup mobile banking iPhone app released in March 2009 causes personal information to be saved in a hidden file on the mobile device, the banking giant revealed in a letter to customers dated July 20, a day after it released an upgraded application.

Without the upgrade, customers' personal data -- including account numbers, bill payment information and access codes -- is saved on the iPhone. This data also may be saved on customers' computers when synched with their iPhones using iTunes, Citigroup said.

'No Data Breach'

Roughly 117,000 of Citgroup's estimated 800,000 mobile banking customers are believed to have been impacted by the flaw, but the company contends no customers suffered a financial loss because of the glitch.

"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone," Natalie Riper, a Citigroup spokesperson, told MacNewsWorld. "In other words, there has been no data breach."

Even if no Citigroup customers suffered financial harm, this incident highlights the growing need for security around mobile devices as more users rely on smartphones to do everything from managing email to organizing their finances.

Secure Your Devices

The Citi Mobile app, which ranks 11th in popularity in the Apple App Store's finance category, allows customers to check account balances, transfer funds and pay bills.

If that type of information were saved on an iPhone -- or any other mobile device -- it would be easily accessible to anyone who picked up the device, according to Jamz Yaneza, threat research manager at Trend Micro (Nasdaq: TMIC).

"Any device is a potential target [for people looking to steal personal data] when you consider how much data people store on them these days," Yaneza told MacNewsWorld. "You have banking apps, browsing history, office documents, emails, pictures and notes being stored on mobile devices. That's a treasure trove in the wrong hands."

Read the Fine Print

Keeping data from traveling from your mobile device into the wrong hands requires the same attention to security that users generally give to desktop and laptop computers, Yaneza declared.

"There are many things users can do to protect their mobile devices, and most of them are common sense," he said.

First, turn on the device lock. "That's why it's there," he admonished. Second, recognize what content is in your device, and "treat that content as if you were carrying it in your wallet instead of your mobile device. If it's important, don't leave it lying around."

Finally, be careful about the applications you install, even if they come from trusted sources like your bank, Yaneza advised.

"Before running a banking application, make sure your financial institution guarantees privacy and the same loss protection that comes with traditional online or teller transactions," he said. "Read the application's fine print."

Next Article in Mobile Security

New Worm Gives Jailbroken iPhones the Ol' Rickroll
November 10, 2009

The Internet prank known as "Rickrolling" has made its way to iPhones in the form of a worm that infects jailbroken versions of the device. The worm is more annoying than harmful -- it even appears to lock the door behind it, preventing similar attacks from slipping in. However, security pros are concerned that a hacker with malicious intentions may exploit the vulnerability the worm highlights.

More by Sidney Hill

What Sort of Game Is Google Playing?
August 31, 2010

Google has been picking up social gaming companies of late, with SocialDeck the latest addition to its collection. Having achieved less-than-stellar success with its Buzz social networking platform, is Google planning to take a shot at Facebook by luring social gamers to a new site? Or is it more likely on a quest for domination of the mobile Web?

The DMCA Ruckus: Lots of Gnashing, No Teeth
August 27, 2010

"The technology used to protect copyrighted material is not meant to be a silver bullet," said Keith Kupferschmid, senior vice president, intellectual property, for the SIIA. "It basically keeps honest people honest. The real hackers -- people who want to circumvent or decrypt something to get to the underlying copyrighted work -- they are going to do it no matter what type of technology is used to protect."

Why Amazon's Cagey About Kindle Sales
August 26, 2010

Amazon is touting sales of its latest Kindle e-readers, but the company steadfastly refuses to provide any actual figures. Based on analysts' best educated guesses, it appears Kindle sales are a mere flicker compared to the iPad's roaring success, so that could explain the company's reticence. However, the device sales may not matter as much to Amazon as the spread of Kindle software and sales of e-books.

[Search More...]

Apple	Activate Alert \| Search Archives

Trend Micro Inc	Activate Alert \| Search Archives