NY Times
After Citigroup on Monday discovered a potential security flaw in the Apple iPhone app that its customers use to access its Web site, the bank urged customers to upgrade to a newer version of the software, which it says will correct the problem.
In a statement, Citigroup said the original app accidentally saved information from a banking customer’s account into a hidden file on the iPhone. The statement from Citigroup was first reported by The Wall Street Journal.
Citigroup said the update “deletes any Citi Mobile information that may have been saved” to a customer’s iPhone or computer. The bank also said the update “eliminates the possibility that this will occur in the future.”
Although Citigroup was working with customers to fix the problem, the bank said it did not believe its customers’ personal information was affected. Citigroup also said the bug only affected iPhone users in the United States, though it did not say how many.
John Hering, co-founder of Lookout, a security company specializing in the protection of mobile phones from viruses and malware, said that the vulnerability of smartphones was a growing concern, and that Citigroup’s announcement shows how unsafe these devices can be.
“I think this just underscores the importance of making sure these devices stay safe and this isn’t a one-time problem either,” he said. “Mobile apps are often exposing more information than people realize.”
Mr. Hering and other security experts believe that the mobile industry is on the verge of some major security problems as more people use their phones for banking and other personal information.
“At this point, it’s not a matter of if, it’s a matter of when,” he said.
Although Apple says the iPhone is a safer environment than competing mobile platforms because of the company’s strict rules about approving the apps it allows on the iPhone, bugs like this show that flaws can always make it onto a system, sometimes through the fault of the application’s owner.
“I think this is going to be the beginning of more and more applications that have this kind of problem,” Mr. Hering said. “I commend Citibank for staying on top of this, but in the next scenario it could be a much different story.”