Are you an iPhone user? Don’t copy-paste your card number or passwords. Other apps can steal your data from the clipboard

Apple often boasts about the level of data protection and security of its devices. While the cybersecurity community recognizes the firm’s efforts and its superiority in encryption and privacy over its counterparts, the firm is not completely safe from security flaws. A team of researchers has reported the finding of a vulnerability that allows the interception of personal data stored on various iPhone or iPad models.  

When a user copies any information, it is stored on Apple‘s general pasteboard (usually known as a clipboard). According to the report, any application can access this information temporarily stored on the clipboard, so users are exposed to the leaking of sensitive data such as location, online profile access passwords, and banking details.

Apparently, all iOS apps have unlimited access to the general clipboard. A user could unintentionally expose their sensitive information (such as location data) to other apps by simply copying/pasting a photo taken with the device’s camera, thanks to the image metadata, mentioned by data protection specialists.

To prove their finding, the researchers developed a proof-of-concept app called KlipboardSpy and an iOS widget called KlipSpyWidget. This test app does not have access to the target device’s location data; however, the specialists were able to extract this information using the method described above.

The app is installed just like any other iOS tool

When you paste the photo into the app, the tool will return the photo’s location data

Specialists say the report was sent to Apple from last January. However, the company’s data protection team responded that this error could not be considered a serious vulnerability, as its operating systems are designed to allow any application to access the clipboard only when apps are working in the foreground.  

In this regard, the International Institute of Cyber Security (IICS) believes that Apple should not allow apps to access the clipboard without restriction, such as the express consent of the user. The operating system should only expose the contents of the clipboard to an application by prior confirmation, as sometimes users are not aware of the contents of this tool.