The WSJ has just reported that Citigroup said it has a security flaw in its iPhone application.
Citigroup told its U.S. mobile banking customers they should upgrade to a new application designed for Apple’s iPhone after the bank’s original version was found to have a security flaw.
Citi said its iPhone app accidentally saved personal account information in a hidden file on users’ iPhones. Information that may have been stored includes account numbers, bill payments and security access codes.
Lesson One: As I’ve written many times, regularly upgrade your software.
Of course, in 2010 it’s about more than just upgrading the software on your computers: you should also regularly upgrade, and get notices about, any financial or other applications on your smartphone that you use for personal or financial information (flights, children’s information, medical records, etc.).
Lesson Two: Only Download Apps from Reputable Sources
The mobile app market is already crowded, and will continue to be crowded, with companies dedicated to making apps and with everyone else (banks, airlines, media companies, all of us) making apps for the audiences and customers of our respective businesses.
Be careful. That cool financial app you are using could be powered by a ring of hackers.
Lesson Three: As you program applications, do a security audit
As you program an application, or more likely hire someone to create one for you, ensure that it is as secure as possible and has as few “holes” as possible for hackers to manipulate to steal users’ information.
Citigroup has lots of money and they messed up. Don’t feel hopeless, but let this issue energize you to be even more vigilant about the apps you create.