Two software developers, one based in Canada and the other in Germany, Tommy Mysk and Talal Haj Bakry, say they’ve discovered a flaw in the copy-paste system of Apple’s iOS that could leave iPhone and iPad users’ information vulnerable.
An assumption that is made by most phone companies like Apple is that, when you copy information from an app, the next app you open would be where you want to paste that information. But there are some exceptions in cases when you are distracted by a notification and you tend to open another app before pasting that information on the desired app.
Mysk and Bakry explains that every single app a user opens on an iPhone will have access to your pasteboard or clipboard, and can even write or rewrite on it. This also applies to any widgets that Apple users have running in their “Today View” panels on their phones or iPads . “It can read anything I have in the pasteboard: Photos, PDFs, texts, passwords, and whatever data type you can copy,” Mysk told Digital Trends. “This revelation was shocking to me. It was the reason that pushed me to write a demo app, document the work, and send it to Apple.”
There was a test to prove whether this claim was true. A software called Klipboard Spy developed by Mysk and Bakry was used for the test. The test showed how copying of information made the metadata and location of the file available to Klipboard Spy.
In a situation where you copy a password or a bank account number or any vulnerable data, other apps might be able to see this data. A malicious app installed could be able to access this copied information which is rather unfortunate.
According to Mysk, he sent in an official notice on January 2 to Apple stating that he and his partner Haj Bakry had found this flaw. Apple responded on February 6 and, according to Mysk, said that their assessment had concluded there were no risks and supplied a few solutions, but their ideas were paltry at best.
Over the past years Apple has changed its permissions for contacts and photos; it used to be that all apps on your phone had default access to these apps, but now a user has to actively give permission. Mysk said he wants to see similar permissions for the pasteboard, as well as a visual indicator for whenever an app can see the pasteboard, similar to the location arrow a user will see when an app is using your location.
In order to be on a safer side always tend to be concentrated on what you doing when copying information from one app to the other, avoid distractions