Your bank data may be at risk if you use an iPhone
If you haven't updated your iPhone recently, your personal information'and possibly your financial data'is at risk.
Apple issued a fix last week for a security flaw in its OS X operating system for iPhone, iPad and iPod. The flaw shook developers, but many users haven't downloaded the update and remain vulnerable, said Jake Fuentes, co-founder and CEO of Level, a personal finance app for iOS and Android.
As of Wednesday, he said, only 20 percent of Level's users had updated to the latest version of iOS.
The flaw is a particular threat to those who use their device for banking transactions, said Fuentes, as it enables encrypted information to be swiped while being sent to a server. Data can be intercepted if you, for example, check your banking app or another one with access to sensitive information.
"We are in a situation where we have a fairly widely known and easily exploitable security vulnerability," he said. "We don't how much of it is being accessed, but data like your contact information, banking passwords and a lot of other things that people thought was safe, isn't."
Though the security problem is on Apple's end, app developers are concerned because anything that is communicated via their product is in jeopardy, according to Subu Ramanathan, the principal consultant at Security Compass.
The only fix is to install the latest security patch, which Apple released Feb. 21.
Apple did not respond to a request for comment.
Level, a money tracker that accesses users' banking information, is requiring that users update their OS before they can use the app'a necessary step, according to Fuentes.
Wherever the vulnerability is, he said, "it is our responsibility as a custodian of our clients' information to make sure their information is secure. ... We would much rather our app be secure and take a hit in usership than put our users' information at risk."
Larger financial institutions should begin rolling out fixes soon, according to Ramanathan.
"Because of the gravity of the situation, it's definitely something that is on the books for them," he said. "The turnaround time is a lot slower for a bank than a smaller app."
Even though the security patch was issued a number of days ago, app developers may be unaware of the problem's severity or not think the data communicated via their app is sensitive enough to force users to update their software, Ramanathan said.
"This is a pretty complex issue. It's a lot more technical and hard for nontechnical people to grasp," he said. "It's essentially an awareness problem, but by the time the awareness comes around, it might be too late."
More information at: www.cnbc.com