Beware, mobile bankers: Citigroup is encouraging Apple iPhone owners who downloaded the company's mobile banking app to upgrade to a patched version after a security flaw was found.
Banking giant Citigroup and iPhone maker Apple are encouraging users who
downloaded Citi's banking application for the smartphone to upgrade to a new
version after a security flaw was discovered in the application. The flaw
accidentally saves personal information, including access codes, bill payment
information and even bank account numbers, onto the iPhone or any computer it
has been synchronized with.
"During a recent review, we discovered that our U.S. Citi Mobile iPhone
banking app was accidentally saving information related to customer accounts in
a hidden file on their iPhones," the company announced in a statement.
"This information may also have been saved on their computer if they had
been synchronizing their iPhone with their computer via iTunes."
The Wall Street Journal reported
approximately 117,600 customers has been affected by the flaw since the app was
launched in Apple's App Store in March 2009, although the paper's unnamed
source said no personal data was exposed. "We have no reason to believe
that our customers' personal information has been accessed or used inappropriately
by anyone," the paper quoted the company as saying.
The paper also interviewed the CEO of
mobile security specialist Lookout, John Hering, who warned that hackers could
exploit flaws in banking applications in order to retrieve, and then exploit,
personal information downloaded by the app. Many consumers, who may download
multiple apps casually, may not be aware to what level of risk they are exposed,
he said. "Most consumers and app developers don't know what is happening
in their apps, because it is moving so fast," Hering told the Journal.
"Apps are proliferating so quickly. We will see more and more of
A recent survey by audit, tax and advisory firm KPMG found 19 percent of U.S.
consumers have conducted banking transactions on a mobile device, compared with
only 9 percent when the company last completed the survey 18 months ago. Among
age groups, U.S.
consumers age 16-24 conduct mobile banking the most, with 33 percent of the
respondents in this bracket indicating they have conducted banking on a mobile
device. Among all U.S.
respondents who have not conducted banking through a mobile device, 52 percent
cited security and privacy as the primary reason.
In addition, a March survey released by mBox found mobile banking gained a
significant foothold in the U.S.
markets. The survey found 25 percent of U.S.
mobile phone users and 37 percent of U.K.
mobile phone users have adopted mobile banking services.
Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.