They discover a big security problem that affects iPhone, iPad and Mac

Recently security researchers Talal Haj Bakry and Tommy Mysk (via Forbes) have discovered a clipboard related vulnerability for iPhone, iPad and Mac.

This security problem would allow malicious applications “Steal” any copied data on the clipboard. From what you can imagine, this is a pretty serious problem.

According to Apple, the copy and paste functionality works normally, but there appears to be a security breach that could affect users of iOS, iPadOS, and macOS.

It may interest you | Larry Tesler, Apple Employee Who Invented Cut, Copy And Paste, Just Passed Away

The vulnerability that affects iPhone, iPad and Mac

At first it was thought that this security breach only affected iPhone and iPad. But apparently it goes beyond mobile devices and is also present on Mac.

“We have revealed in our article that the Universal Clipboard can also be affected by this vulnerability to spy on what users copy to their Macs.”

This would be quite a serious problem, because the use of copy and paste is quite common on an iOS or iPadOS device, but it is much more so on a Mac.

As Apple explains, users can use the Universal Clipboard to copy and paste content between different devices. That is, you can copy text, images, photos and videos on an iPhone and then paste them on an iPad or Mac.

In this couple of tweets shared on Twitter by Tommy Mysk (@mysk_co) he talks about the vulnerability by adding a couple of video recordings of his iPad and Mac screen:

Friends!

It is not only photos that KlipboardSpy can steal.

Thanks to remarks from @MayaErgas, we added a video showing how KlipboardSpy on iPad or iPhone can steal text from Mac by spying on Universal Clipboard

Read the full article at https://t.co/IzHClZxFw1 pic.twitter.com/IXEmuSnzAn

– Mysk (@mysk_co) February 26, 2020

In his tweets, the security researcher proclaims that the vulnerability not only allows a malicious application to steal photos, but it can also steal text and even reveal your location through location services. All this thanks to a demo application called KlipboardSpy.

Thanks to this vulnerability, a malicious attacker could create an application like KlipboardSpy to steal data that has been copied to the iPhone, iPad or Mac clipboard and then access the metadata attached to a photo taken on the device.

From Apple they analyzed the problem and were not concerned

According to the researchers, they shared their discovery with Apple on January 2, 2020. They explained that, after analyzing their report, Apple reported that “They did not see any kind of problem with this vulnerability”. Surprised, they contacted the company with the bitten apple again but did not get any response.

For this vulnerability to affect a device, a malicious application must be running in the background. The researchers arranged their application in a Today View widget and watched the problem spread.

“A malicious application could exploit the vulnerability to discover a user’s location, even when that user has blocked the option to share the location with that app.”

The notice that security researchers Talal Haj Bakry and Tommy Mysk gave to Apple encouraged the company to remove unrestricted access to the clipboard. They could do this through the privacy settings in the latest versions of iOS or iPadOS. As an alternative, another possible solution to this security problem would be restrict clipboard access when the user executes a content paste operation.

It is important to mention that this is only a potential security problem. That is, no case has yet been found where an attacker steals data from a user’s clipboard with a malicious application. But researchers have shown that the vulnerability is there, and it could only be a matter of time before an app like this makes its way onto the App Store.

Hopefully Apple will react and fix the security problem with a patch in future versions of iOS, iPadOS and / or macOS. We will remain attentive to possible news. What do you think about this curious and potentially dangerous security problem on iPhone, iPad and Mac?