back to article HSBC brands EVERY Apple iPhone 'an insecure PC'

HSBC's iPhone app for online business banking warns customers that their reassuringly expensive Apple mobiles are in fact PCs - and insecure ones at that. In a surprising cock-up, the bank's app incorrectly identifies the shiny phones as Windows PCs, and scolds fanbois for not having security watchdog software Rapport installed …

COMMENTS

This topic is closed for new posts.

Page:

FAIL

Not only iPhones

I get it on Ubuntu too. If I have time, I might try calling HSBC and say I'm having difficulty installing Raport - some light entertainment for the afternoon.

17
0
FAIL

Re: Not only iPhones

Any Linux in fact, but they've now made it worse as you have to get reminded every 8 days. I contacted them previously asking why they insisted on prompting me to download and install a product which doesn't run on my machine and they replied with some garbage about it being in the public interest. Are they telling me they can't set an opt-out cookie or detect my OS is one of those they provide the software for (assuming I don't refuse cookies and obscure my OS)?

6
0
Anonymous Coward

And this comes

From HSBC the money laundering bank.

7
2
Joke

Re: And this comes

No, it's the world's local money laundering bank!

8
1

Re: Not only iPhones

They did something similar in the last couple of years - I complained and was told it would stop pushing it after a few tries (IIRC I had to allow Firefox to save cookies for it to disappear).

0
0
Silver badge

Re: Not only iPhones

A rough guess off the top of my head is that 90% of Linux users are IT literate enough not to be fazed by the message, and to see it as a bit of a giggle as did 'My Alter Ego'. No great worries.

The other 10% might have a Linux box set up for them by a family member, for the purposes of online banking and maybe skyping grandchildren.

(Terrible generalisations, I know)

1
0

Their ads freak me out

Not just the ones with the creepy Chinese kids planning world domination, but that they put the same adverts on all the world's jetways. So the last thing you see before getting on a plane is an HSBC ad, then ten hours later you emerge, shattered, apparently in the same place.

1
0
Silver badge
WTF?

And the Euribor Interest Rate Fiddling Bank

You have to give them credit, where credit is due, these b*stards have put aside NINE-BILLION POUNDS to clean up their laundry business and they haven't even started looking at Euribor.

This is the world's largest criminal entity with branches all over the world''Now you can add blackmail, My Secure(sic)Key hasn't arrived so the said OK, you're OK until September.

Imagine my surprise, and extreme annoyance when, last Friday I couldn't access my account. The InterNet Banking mob said no money until you use Secure(sic)Key - and I'm in the Far East.

1
0
Silver badge

@Mad Jack

You're lucky they actually listened. When I tried to fix a problem with RBS's online banking a few years ago (it just kept refusing to allow me to log on even when using the correct credentials with someone watching over my shoulder to check I was doing it right), they just claimed that they did not support any OS other than Windows and OSX, and suggested I get another PC.

Turned out to be a bug in their code causing buttons to be off the screen, and also mis-handling the return key as a form completion action.

Eventually I did get put through to someone who knew a little about Linux (after having the access blocked and enabled at least three times), who was able to confirm that their login process was not working with Firefox on Linux. They did even fix it!

0
0

Is this really worth reporting?

C'mon El Reg. You've got better stories to report, I'm sure. Is it really that much of a slow-news-day?

1
15
Anonymous Coward

Re: Is this really worth reporting?

And you work for ..?

Yeah, thought so. Nice try, though.

6
2

Re: Is this really worth reporting?

Well it could serve as a good warning that the free fraud detection software being pushed is not even capable of identifying the client OS. I find this particularly interesting from an IT angle, not to mention that if people actually rely on this software and it stumbles at the low hurdle of stepping over the 1/2" threshold of installation then this is particularly worrying. Having worked in the software industry for a good while now, if your installation sucks donkey balls then your software is so full of bugs it probably cannot be considered a product.

So let's call this article a review from the wild in case any security folks are considering a purchase. Purchase product, create false sense of security, and effectively increase fraud and support calls.

3
0

Re: Is this really worth reporting?

At least it actually has an IT angle.

0
0
Silver badge
FAIL

Re: Is this really worth reporting?

"...their reassuringly expensive Apple mobiles..."

"...the shiny phones..."

Ms Leach is, yet again, attempting to be the one who mocks Apple most in what I can only imagine is some desperate attempt to be promoted to the role of journalist.

Perhaps she should open a dictionary and look up "objective", and "unbiased" first.

3
4
Go

attempting to be the one who mocks Apple most

A very popular activity amongst the IT and IP literate.

1
2
Silver badge
Trollface

Re: attempting to be the one who mocks Apple most

I assume by IT and IP literate you mean of course, those who just read about IT & IP (or have it read to them) rather than those who just happily get on using the technology...

2
1
Stop

Re: Is this really worth reporting?

"Ms Leach is, yet again, attempting to be the one who mocks Apple most in what I can only imagine is some desperate attempt to be promoted to the role of journalist."

And perhaps you might read The Register for a while longer and realise that they are equal-opportunities mockers. It's not just Apple - they'll mock anyone. It's their house style, just as much as trendy leftiness and muesli-knitting is the house style of The Guardian, or reactionary hating of minorities and foreigners is the house style of the Daily Mail.

They could put it on the masthead: "The Register: They code. We mock." It's what makes it worth reading.

6
1

This post has been deleted by its author

Silver badge
Holmes

@ Magnus Ramage (Re: Is this really worth reporting?)

Disingenuous - even sophistry.

So if HSBC assumes a PC running windows, cue mocking of Apple & Apple users.

No mockery of Linux in its various incarnations?

No mockery of Linux users?

No mockery of Android?

No mockery of Android users?

Equal mockery?

PS

I've been reading The Register for over 10 years, so perhaps your patronising could be addressed at the same time as your sophistry.

2
3

Re: @ Magnus Ramage (Is this really worth reporting?)

Apologies for being patronising. I guess I've been reading the Register for about the same length of time. No harm intended. Nonetheless, I do think they're pretty even-handed in their mocking. But I don't use Apple products (not because I don't like them, I just can't afford them) so I'm not especially sensitive to their treatment.

0
0
Silver badge
FAIL

Re: Is this really worth reporting?

"Ms Leach is, yet again, attempting to be the one who mocks Apple"

Maybe you missed the Reg motto at the top of the page?

"Biting the hand that feeds IT"

2
1
Bronze badge

In an surprising cock-up

Indeed!

0
0
Anonymous Coward

Time for tubby bye byes...

So HSBC want me to "download" some random software despite the fact that I have

1. No idea if this will impact on any other software that I have installed (or indeed includes some unknown holes that will place other areas of my on line activity at risk, and

2. ignores the fact that I have very good anti virus and anti spyware/malware software installed and with which I sweep my machine regularly.

Not the first HSBC annoyance. the new generation ATM they installed at my local branch is the only one that I am aware of on our high street that DOESN'T have a facility for ATM Deposits. Inquiries in branch suggest that they have been told that deposit accepting machines are no longer available from the manufacturers... and the helpful suggestion that there is a lobby service 20 miles (and a toll bridge crossing) from me.

HSBC is looking increasingly inept and disconnected from the real world - it is probably time for me to move my account to a better bank.

13
0
Anonymous Coward

Re: Time for tubby bye byes...

LMFTFY

HSBC is incredibly inept and disconnected from the real world - it is probably long past time for me to move my account to a better bank

Funnily enough I was telling the missus last night that I was going to move the joint account to another bank. HSBC have been horrific for years now (especially when it comes to charges) so I've been moving everything over to other banks. They're all pretty poor, but some are worse than others.

4
0
Anonymous Coward

Re: Time for tubby bye byes...

t is probably time for me to move my account to a better bank

If you have a business a/c you should have done that long ago - any criminal can trick HSBC into giving your money away to them by simply changing your Companies House records - they don't even need to be on the account mandate..

0
0

Re: Time for tubby bye byes...

the Question is, where do we move our accounts?

I have moved mine twice in the last 2 years because of the crap service and silly charges certain banks impose. You then have others trying to fiddle things. Where would our money be safe?

They also need a more standardised moving procedure. Yes I know it is much easier now than it was but I should be able to move it as if I was changing braodband suppliers.

0
0

Re: Time for tubby bye byes...

Go with the Co-op. I switched to them years ago from HSBC, and have been immensely impressed. Although, they do still bug me about that Rapport crap. I'm not installing a pointless, deeply-rooted resource hog with low-level access on my machines. Good basic AV + non-IE browser + big pile of common sense = safer banking. And if anyone mentions Linux I'll slap them.

7
3

Re: Time for tubby bye byes...

They don't even need to do that - they just phone up pretending to be a director and give information freely available from companies house as 'proof'.

I know a company this happened to.. I'd not be suprised if it was common.

1
0

Re: Time for tubby bye byes...

Indeed.. they tout rapport as the saviour of your bank account but don't for one moment say what it actually is or does. It's not getting anywhere near any of my machines without that. I'm guessing it's something like a cookie-less browser.

3
0
Childcatcher

Re: Time for tubby bye byes...

However, as a loyal Coop/Smiler for the last decade, they've been promoting Rapport every time I log in. Did so once on my Mac and the spinning ball of death was a constant companion until i disabled it. Surely easier to suggest people have good virus protection and go banking over Tor or something of that ilk??

0
0
src

Re: Time for tubby bye byes...

Skip the front page and go straight to:

https://banking.smile.co.uk/SmileWeb/start.do

Avoids the annoying Rapport nags.

1
0
Silver badge
Thumb Up

Re: Time for tubby bye byes...

I use a Mac Pro, and have had Rapport installed since it was first recommended by the Co-Op. Naturally I checked it out thoroughly before installing it, but I'm happy to do so as any assistance given in keeping assorted Romanians, Russians etc., away from my hard-earned is welcome.

No, it seems to have no adverse impact at all on the operating speed of my Mac - but of course, YMMV according to your individual config.

0
0
Silver badge

Re: Time for tubby bye byes...

Funnily enough the only British bank that hasn't managed to piss me off for the last 20years is First Direct - ironiclly owned/part of HSBC.

ps. HSBC is even more incompetent here in the colonies. The world's favourite bank - in the same way that Malaria is the world's favourite parasite.

1
0
FAIL

+https fail

The update also seems to include https://www.hsbc.co.uk using javascript to load resources over http. Which causes Firefox and Chromium to show some "page not secure" type warnings.

I tried to use their complaint and contact forms to tell them, but they just gave error messages.

2
0
Gold badge

At least a bank..

.. where IT delivers for the business: both equally inept.

wonder if they have taken on staff recently. RBS staff :)

0
0

Is this the same Rapport...

... that was flagged up for having some gaping security flaws itself a few months back?

Santander nag about it too, but a little more smartly by the sounds of it, so on my desktop I have (for their site) been able to set the browser agent appropriately so as for them to believe it incompatible - which strictly speaking it is anyway, since AFAIK Rapport does not run on Iron, only pukka Chrome.

3
0

Re: Is this the same Rapport...

Yes. I was at a security conference last year where there was a session on it. Avoid Rapport like the plague. I'd change banks rather than install it.

4
0

Re: Is this the same Rapport...

Yep it is annoying that Santander do this too.

It shows on Linux and even if I hit the main site on a Nokia Symbian phone (not the m. mobile site).

I can't install it on the work machine, I wish there was an option to not show this message again.

According to the pedia of wiki (ie. pinch of salt but nonetheless...):

"Some users have reported problems with Rapport, including high CPU utilisation and difficulty in removing the software.[10] Recently, updates made to Rapport have caused user machines to fail at boot-up with a Blue Screen of Death; the problems are resolved by renaming the file RapportEI.sys.[10]

In a recent presentation given at 44con, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial."

3
0
Silver badge
Coat

Re: Is this the same Rapport...

The Rapport software checks that you are using the real HSBC website and not a fake.

But what checks that you're using the real Rapport software and not a fake?

They obviously haven't thought this through!

3
0
Gold badge
Mushroom

Re: Is this the same Rapport...

What they don't tell you is that most of the shitheads pushing this POS have a little trick up their sleeves. Once they've detected it being used the first time, any subsequent attempt to connect from a machine lacking it gets the Foxtrot Oscar treatment. Trying to get your account "unblocked" afterwards is like attempting to climb the North Face of the Eiger in clogs and mittens.

Or in other words:

1) It's a bloated, poorly written clog.

2) It hides itself deep in the OS.

3) You can't uninstall it without breaking something important.

4) Trying to uninstall it merely proves that the uninstall process is b0rken.

5) It throws false positives around like confetti. All time favourite example of this was when a relative who'd been strongarmed into using it found it flagged and disabled the BT Broadband client driving their old skool ADSL modem at the time. So they could access their bank "safely", if they'd been able to access the internet at all......

Ticks all the boxes to qualify as malware for me. Makes Sony's world-famous DRM system look like a shining beacon of best practice by comparison.

As Trusteer seem to have managed to get many of the major banks to sign up to their shit, I can't help thinking that if they spent half as much money and effort on their software as they obviously do on sharp-suited sales weasels, schmoozing clients and backhanders, they might have a decent product......

2
0
Flame

"it is probably time for me to move my account to a better bank"

Why? If they can keep the mafias money safe then they are probably a better bet than any other bank.

RBS goes down, we pay them out and they get 6 figure bonuses.

HSBC goes down they end up face down in the river

Hmmm, I wonder who has the best incentive to do their bloody job right?

4
0
Anonymous Coward

Rapport indeed!

A nightmare to uninstall as it blocks VNC to a black page the moment you attempt to uninstall it...

Avoid and change banks..... they'll soon learn.. or not....

3
0
Silver badge

Hardly seems like the end of the world

I assume they have some kind of user agent sniffer which looks for some string which says rapport is there and if it's not redirects the user to a warning page. Of course, if the sniffer was doing its job properly it would ignore people whose OS was not Windows or Mac, or at least direct them to a more relevant warning to their platform.

0
0
FAIL

Crapport

I've had to uninstall this POS software from several customer PCs simply because it slows them to a crawl - even a recent quad-core machine was almost unusable. Once the software was removed it felt like a new PC.

1
0

This post has been deleted by a moderator

Silver badge

Re: Rapport Software

I hear it can also remove the staples that keep the tinfoil fastened to your head.

Rapport is just crapware which makes itself hard to extricate to prevent trojans from disabling or removing it. No need to imagine any deeper conspiracy than that.

2
1
Silver badge
Trollface

Re: Rapport Software

Well gee, if you are sure then maybe I should do as you say as I am just an uninformed moron.

Oh, hang on wait a minuet that;s not me, that's you!

0
0

Re: Rapport Software

"I hear....." - why not look at the software yourself rather than rely on here-say.

It is Israeli software and it is insecure. I have audited it myself and it can be disabled, you can bypass the key logging features and you can dump IE process memory - it also runs on the gateway at the bank meaning from that end they can deploy malware to your PC via IE, they can exploit vulnerabilities in IE and effectively take control of your browser since their "plug-in" runs as SYSTEM. Don't believe me? I don't care - enjoy eating your staples and supporting the Zionist regime.

2
4
Silver badge
FAIL

Re: Rapport Software

Indeed, HSBC, founded in 1865, by a zionist Scotsman, living in Hong-Kong, the well-known outpost of Zion. Meh.

You are aware, are you not, that the very use of the word zionist marks out out instantly as a nutjob?

4
1

This post has been deleted by a moderator

Page:

This topic is closed for new posts.

Forums