Is anything private anymore? This is the question many are asking after the Apple users discover not even their clipboard is safe from third parties.
Copy and Paste Clipboard
This week, Apple is under fire for a recent discovery that has iPhone and iPad users up in arms. What is the discovery you may ask?
To elaborate, researchers discovered in a security demo that all the apps on your Apple device can view your system clipboard. In other words, anything you copy and paste through IOS is accessible to a third party.
Now, why is this such a concern? As simple as it seems, apps can use this information to gain more knowledge and background on the user. The data collected in that period can then be used in a number of ways. For example, apps could use the clipboard information to gain access to information like cell phone numbers or addresses.
From there, the list of possibilities can go on and on as to what could happen if the apps access your clipboard.
How it Works
To begin, now that you have a better understanding of what the copy and paste snooping ploy, let’s take a look at how it actually works.
First off, researchers from Mysk were the ones who made the discovery of the exploit. For an in depth breakdown of the vulnerability, click here.
Otherwise, here’s the basic breakdown on the clipboard issue. The following quote comes directly from Mysk, regarding the issue.
“iOS and iPadOS apps have unrestricted access to the systemwide general pasteboard. A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user’s precise location. This can happen completely transparently and without user consent.”
So all in all, due to the unrestricted access to the clipboard feature in IOS devices, a user can accidentally expose their personal data. Further, when using the clipboard, any app can then read the information stored in the properties of, for example a copy and pasted photo.
The worst part of it all is that the app that then possibly uses the information does it quietly and without consent from the user.
Now, the final question is, what can I do to prevent this from affecting me / my devices?
To elaborate, the researchers at Mysk have also created a few tips on what a user can to to secure their clipboard. The short abbreviated version is that editing permissions for applications and reading systems on your devices is a step in the right direction.
The researchers also reported the vulnerability to Apple. The tech giant claims that the vulnerability is not an issue or a security threat to the user.
The takeaway here is that users should make sure to stay informed on privacy and security topics like this one. I know personally, before reading the report from Mysk I was completely unaware of the situation. And now, I can help inform others, and protect their privacy.
Finally, let’s all try to be a bit more cautious when it comes to implementing privacy procedures and permissions. As technology grows, so does the need to protect and secure our personal data.
By Taylor Ritchey