Malicious iOS Apps Can Quietly Steal Data From the Clipboard
By German software engineer Tommy Mysk believes the implementation of the cut-copy-paste functionality in iOS counts as a vulnerability Apple needs to fix, but Apple disagrees.
Copying information from one location to another using copy-paste is a common action on any device, but on iOS and iPadOS it leaves your data vulnerable, according to a software engineer.
As Threatpost reports, German software engineer Tommy Mysk believes the implementation of the cut-copy-paste functionality in iOS counts as a vulnerability Apple needs to fix. The problem stems from the fact any app is allowed to read data stored temporarily in the clipboard, and Mysk wrote a proof-of-concept app to demonstrate how easy it is to steal that data.
Apple believes the copy-paste system it uses is a basic function of all operating systems, while at the same time only iOS apps that are active and in the foreground can access the clipboard. With that in mind, Apple doesn’t believe there’s a vulnerability to address.
Mysk’s response is an app called KlipboardSpy and an iOS widget called KlipSpyWidget. In the video above he shows how the GPS location can be silently extracted from a copied photo even though the app doesn’t have access to Location Services. Mysk gets around the app needing to be active and in the foreground by using a widget instead and setting it to be always active.
Even if all apps are closed the widget can still read the contents of the clipboard every time the Home Screen is brought into view. Next time the KlipboardSpy app is opened it collects the data grabbed by the widget from the clipboard.
The vulnerability is present on all Apple devices running iOS and iPadOS 13.3. The solution, according to Mysk, is for Apple to introduce a new permission which blocks access to clipboard data unless a user expressly grants an app permission to view it. As an alternative, Mysk suggests, “the operating system can only expose the content of the pasteboard to an app when the user actively performs a paste operation.”
As Apple doesn’t view this as a vulnerability the functionality and implementation won’t change, but there’s clearly an opportunity for apps to steal data here if they choose to. There’s also little chance Apple will decide to do anything to address it in future seeing as iOS users were talking about clipboard vulnerabilities three years ago.
