Citigroup admitted yesterday that its iPhone app had stored sensitive data in a hidden file on the smartphone, raising fears about the security of mobile banking.
The US bank said a flaw in the original application resulted in information including account numbers, transaction data and security codes being stored on the iPhone, and could have been transferred to customer’s PCs when they synched their device.
It has corrected the problem in an updated version of the application, and has contacted the 117,600 customers affected to advise them to download the latest version, which automatically deletes account information from the smartphone, WSJ.com reports.
While the bank said it didn’t believe any of the data gathered has been misused, the revelation will heighten concerns over the security of mobile banking.
The worry is that hackers might exploit the ability to hide data on a smartphone to secrete malicious code capable of retrieving sensitive data.
John Hering, co-founder of security firm Lookout, predicts more security problems with smartphones in future, telling the New York Times that mobile apps often expose “more information than people realize.”
Yesterday the United Arab Emirates revealed it is considering banning RIM’s BlackBerry devices because they pose a risk to national security by storing data offshore, the BBC reported.