Skip to main content

iOS Copy-Paste Data Vulnerable to Snooping by Other Apps: Researchers

When it comes to data privacy and security, Apple has rarely shied away from taking credit for its encryption and security. Even in the tech industry, analysts have time to time lauded the company for its relatively secure operating system when compared to its immediate competitors. But now an alleged flaw in its ecosystem, exposed by two researchers, may allow personal data in Apple’s iPad and iPhone devices to be intercepted.

According to Talal Haj Bakry and Tommy Mysk, when a user copies any miscellaneous data, it gets stored on Apple’s general pasteboard (commonly known as clipboard). This data temporarily stored to the device’s memory can be accessed by all apps, thereby, risks revealing private information such as a user’s GPS coordinates, passwords and banking details.

“iOS and iPad operating system apps have unrestricted access to the system-wide general pasteboard,” the duo noted in a post published on Monday. They added saying, “A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties.” 

To illustrate how one can access information, Mysk and Bakry published a video on their blog in which the researchers created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget to show how data saved in general pasteboard gets accessed by apps. You can watch the video here:

Bakry and Mysk further reclaimed in their post that they first submitted this article and source code to Apple on January 2, 2020. “After analysing the submission, Apple informed us that [it doesn’t] see an issue with this vulnerability,” they said. In their research, it was also mentioned that going by Apple’s policies, “iOS and iPad operating system are designed to allow apps to read the pasteboard only when apps are active in the foreground”. The researchers cautioned that these apps can always access when an app widget is added to Apple’s Today View.

In the concluding section of their post, the duo suggested that Apple should not have “unrestricted access to the pasteboard without user’s consent,” adding, “Alternatively, the operating system can only expose the content of the pasteboard to an app when the user actively performs a paste operation.”

This post “iOS Copy-Paste Data Vulnerable to Snooping by Other Apps: Researchers” is originally from NDTV Gadgets – Latest published on 2020-02-25 17:18:22. Hope you have liked the post. Don’t forget to share it using the social share buttons below this post.

Hows.in is an online portal where you will find such tech updates daily.

Follow us on Twitter @hows_in for all tech news and updates daily.



source https://hows.in/ios-copy-paste-data-vulnerable-to-snooping-by-other-apps-researchers/

Comments

Popular posts from this blog

Buy Swaddle Blankets for Baby,100% Cotton Muslin 47 x 47 inch Baby Blankets Cloth Diapers for Wrapping and Swaddling Infants (Hedgehog) Online | Discount, Coupon Codes

Buy Swaddle Blankets for Baby,100% Cotton Muslin 47 x 47 inch Baby Blankets Cloth Diapers for Wrapping and Swaddling Infants (Hedgehog) Online Swaddle Blankets for Baby,100% Cotton Muslin 47 x 47 inch Baby Blankets Cloth Diapers for Wrapping and Swaddling Infants (Hedgehog) is one of the Best Swaddling Blankets in 2020 available to buy online on Amazon. You can buy Swaddle Blankets for Baby,100% Cotton Muslin 47 x 47 inch Baby Blankets Cloth Diapers for Wrapping and Swaddling Infants (Hedgehog) at ₹ 999.00 - ₹ 779.00 with discount here . Swaddle Blankets for Baby,100% Cotton Muslin 47 x 47 inch Baby Blankets Cloth Diapers for Wrapping and Swaddling Infants (Hedgehog) Discount, Coupon Codes Getting tired & sleepless nights with your newborn? As parents ourselves, we know that adjusting to your newborn’s sleeping schedule is never easy. Infants get startled at the slightest sound and wake crying. That’s why, swaddling your baby is the best solution! Swaddling you...

NAYA NAYA LOVE LYRICS – Sab Kushal Mangal

NAYA NAYA LOVE LYRICS – Sab Kushal Mangal Full Song Welcome to Hows.in. Here are the NAYA NAYA LOVE LYRICS – Sab Kushal Mangal of full song. Here we have published NAYA NAYA LOVE LYRICS – Sab Kushal Mangal for you to read. You can bookmark this page to open it in future whenever you need. NAYA NAYA LOVE LYRICS – Sab Kushal Mangal Naya Naya Love Lyrics Naya naya love, naya naya love Naya naya love, naya naya josh hai Heart beat tezz, heart beat tezz Heart beat tezz, ab nahi hosh hai Tu bada hot, tu bada hot Tu bada hot, thanda ho jayega Baat meri maan, baat meri maan Baat meri maan, varna pachtayega Baahon se cutie faraar ho jayegi Dhoondte rahoge nazar na aayegi Nayi wali jab, nayi wali jab Nayi wali jab dhoka deke jaayegi Purani girlfriend, purani girlfriend Purani girlfriend yaad aayegi Nayi wali jab, nayi wali jab Nayi wali jab dhoka deke jaayegi Purani girlfriend, purani girlfriend Purani girlfriend yaad aayegi Roz roz tujhko le jaayegi Club disko mein...

Samsung clarifies that a ‘technical error’ in its UK website exposed data of 150 customers- Technology News, Firstpost

tech2 News Staff Feb 26, 2020 09:25:59 IST Samsung Electronics Co Ltd said on Wednesday a “technical error” on its UK website temporarily exposed the personal data of about 150 users. The South Korean manufacturer said it stopped all users logging into the site after it became aware of the error, which it said has since been resolved and only affected the UK. Samsung did not say for how long the data was exposed. Samsung. The error exposed information including names, telephone numbers, postal and email addresses and previous orders, Samsung said in a statement to Reuters . It did not expose credit card details, the company said. “We will be contacting those affected by the issue with further details,” Samsung said in the statement. As per a report by Android Authority , due to this data breach, Samsung Galaxy users got a “1-1” notifications from an app called  Find My Mobile,  a tool that allows users to connect with your devices in case it is stolen or lost. Sever...