Ubuntu
icedtea-web package

Fails to load "NemId" internet banking login applet ("Invalid checksum occurred")

Bug #1096127 reported by Rune K. Svendsen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Iced Tea
Invalid
High
icedtea-web (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

When going to the site https://www.portalbank.dk/6610/ the plugin on the site fails to load. I'm attaching the terminal output from firefox to the report.

Other plugins, like the Java test applet http://www.java.com/en/download/testjava.jsp works fine on the system.

The hardware in question is the Samsung ARM Chromebook.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: icedtea-7-plugin 1.3-1ubuntu1.1
Uname: Linux 3.4.0 armv7l
ApportVersion: 2.7-0ubuntu2
Architecture: armhf
Date: Fri Jan 4 17:45:32 2013
MarkForUpload: True
SourcePackage: icedtea-web
UpgradeStatus: Upgraded to raring on 2012-12-15 (19 days ago)

See original description
Revision history for this message
Rune K. Svendsen (runeks) wrote :
Rune K. Svendsen (runeks)
description: updated
Revision history for this message
In , Rune K. Svendsen (runeks) wrote :

Created attachment 814
firefox terminal output

This bug occurs in Firefox running in Ubuntu (armhf) on a Samsung ARM Chromebook.

Steps to reproduce:
Go to the site https://www.portalbank.dk/6610/

What happens:
The plugin on the site fails to load. Errors in the terminal output mention "Invalid checksum occurred".

Please let me know if there are additional steps I can take to help diagnose this issue (as I realize not everyone has armhf hardware available, which may be why this bug happens).

Bug Watch Updater (bug-watch-updater)
Changed in icedtea:
importance: Unknown → High
status: Unknown → Confirmed
Revision history for this message
In , Rune K. Svendsen (runeks) wrote :

Upon further research, it appears that the applet in question loads x86-specific binaries for execution.

The file DanID_Applet.jar contains an x86 ELF file disguised as a GIF file:

    error.gif: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x24d556c0242ff5b0f28d097a920c4f82d6e89aca, not stripped

Apparently this collects various system information to create a "checksum" that is sent to the bank and logged.

Revision history for this message
Rune K. Svendsen (runeks) wrote :

Upon further research, it appears that the applet in question loads x86-specific binaries for execution.

The file DanID_Applet.jar contains an x86 ELF file disguised as a GIF file:

    error.gif: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x24d556c0242ff5b0f28d097a920c4f82d6e89aca, not stripped

Apparently this collects various system information to create a "checksum" that is sent to the bank and logged. This obviously fails on an ARM system.

Changed in icedtea-web (Ubuntu):
status: New → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in icedtea:
status: Confirmed → Invalid
Revision history for this message
Josef Assad (josefassad) wrote :

ARM might consider lodging a complaint with the Danish ombudsman.

http://en.ombudsmanden.dk/om_at_klage/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.