A vulnerability has been discovered in the operation of the clipboard on Samsung smartphones. It was discovered by chance by a user. On the brand's American forum, the user expressed surprise that "Samsung's clipboard saves everything in plain text without expiration." In short, all the data you copy with the phone's clipboard is stored indefinitely at the mercy of cybercriminals. This isn't the first time the breach has made headlines. References to the bug have been found on forums as early as 2019.
The Samsung Galaxy clipboard is like spyware
As the user points out, it "copies passwords from my password manager all the time." Furthermore, many users are in the habit of copying and pasting sensitive data, such as bank details, login details, or private keys that provide access to cryptocurrency wallets. Not all of this information is stored securely, leaving hackers with a path to entry.
If "someone steals your phone, or even if a friend or acquaintance uses it while it's unlocked, they can simply scroll through your clipboard and see all your passwords," the user realizes. For the user, Samsung should at least erase all saved content after a few hours.
In the eyes of researcher Clément Domingo, it's a bit like the smartphone's clipboard acting like spyware. The expert points out that most users copy their bank card number "and then paste it into a field for a purchase" or "all kinds of information", including their password "before pasting it to authenticate online". This is a "seemingly benign practice, but one that could have dramatic consequences for the security of your personal data."
The case has been widely publicized, to the point that Samsung has confirmed a failure in its security mechanisms. On the same forum, the South Korean group considered that the user "raised a valid concern regarding clipboard security", particularly "in scenarios involving sensitive data such as passwords".
The company promised to contact the appropriate team to make "valuable improvements", such as "automatically clearing the clipboard after X minutes/hours or excluding sensitive applications from the clipboard history".
Until Samsung fixes this, we recommend that you regularly clear your smartphone's clipboard history. Make sure to clear it after copying potentially sensitive data, including passwords. We also strongly recommend using a password manager. Most of them have an auto-fill system, which eliminates the need for copy and paste.
Source: Samsung

0 Comments