Citigroup states its iPhone app puts customers at risk
Warning: contents include account details
Posted in Security, 27th July 2010 00:00 GMT
Free whitepaper – The Reg Guide to Solutions for the Virtual Era
Citigroup is urging customers who use their iPhones for on-line banking to immediately upgrade to a new version of the application because a security weakness in the the old one puts them at risk.
In a letter, the US banking giant stated the Citi Mobile app saved user information in a hidden file that could be used by attackers to gain unauthorized access to on-line accounts. Personal information stored in the file could include account numbers, bill payments and security access codes, according to The Wall Street Journal, which reported the vulnerability earlier.
There are no reports of anyone exploiting the weakness, but Citi stated it was possible someone could access the file either after it was saved onto an iPhone or when it was copied onto a PC or Mac after synchronizing with the Apple smartphone. The easiest way to read the file would be to gain physical access of a lost or stolen iPhone, but it might also be possible to get a hold of the information by exploiting a separate vulnerability on the handset or computer.
An update Citi issued last week securely deletes the file and prevents the mobile application from creating new ones in the future.
The incident is the latest to give smartphone users pause about the explosion of apps available for their mobile devices. Last week, Apple pulled a title from the iPhone App Store after discovering it contained a secret feature that granted it to be used as a computer modem. If App store entries can include tethering, or other features forbidden by mobile operators, it may also be possible for to hide undocumented attack code that steals user data, security researchers have said. ®
Free whitepaper – The Reg Guide to Solutions for the Virtual Era
Other Post:
- MSI CR410 14-Inch Multimedia Notebook
- HP Mini 210 Netbook Unboxing Video
- iPhone 4 Will Be Offered by 3UK As Well
- Researchers state Web app password crack could affect millions
- Daniusoft DVD to iPod Converter for Mac
- Assassin’s Creed: Brotherhood Review via iOS Apps
- Nikon D3100: Announced, previewed
- Google, China look for way to coexist after six months of public battles
- Greenpeace targets Apple with 10-foot Pod stunt
- Tech industry climbs out of Silicon Valley, moves abroad
Details :
Submited at Tuesday, July 27th, 2010 at 5:00 am on News by admin
Comment RSS 2.0 - leave a comment - trackback
