
iOS Copy-Paste Data Vulnerable to Snooping by Other Apps: Researchers

When it comes to data privacy and security, Apple has rarely shied away from taking credit for its encryption and security. Even within the tech industry, analysts have from time to time lauded the company for its relatively secure operating system compared to its immediate competitors. But now an alleged flaw in its ecosystem, exposed by two researchers, may allow personal data on Apple’s iPad and iPhone devices to be intercepted.

According to Talal Haj Bakry and Tommy Mysk, when a user copies any data, it is stored on Apple’s general pasteboard (commonly known as the clipboard). This data, temporarily held in the device’s memory, can be accessed by all apps, which risks revealing private information such as a user’s GPS coordinates, passwords and banking details.

“iOS and iPad operating system apps have unrestricted access to the system-wide general pasteboard,” the duo noted in a post published on Monday. They added, “A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties.”

To illustrate the issue, Mysk and Bakry published a video on their blog, for which they created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget to show how data saved in the general pasteboard can be accessed by apps.

Bakry and Mysk further claimed in their post that they first submitted this article and source code to Apple on January 2, 2020. “After analysing the submission, Apple informed us that [it doesn’t] see an issue with this vulnerability,” they said. Their research also noted that, going by Apple’s policies, “iOS and iPad operating system are designed to allow apps to read the pasteboard only when apps are active in the foreground”. The researchers cautioned that apps can always access the pasteboard when an app widget is added to Apple’s Today View.

In the concluding section of their post, the duo suggested that Apple should not allow apps “unrestricted access to the pasteboard without user’s consent,” adding, “Alternatively, the operating system can only expose the content of the pasteboard to an app when the user actively performs a paste operation.”

This post “iOS Copy-Paste Data Vulnerable to Snooping by Other Apps: Researchers” is originally from NDTV Gadgets – Latest published on 2020-02-25 17:18:22.




source https://hows.in/ios-copy-paste-data-vulnerable-to-snooping-by-other-apps-researchers/
