Security Software How to secure against clipboard snooping?

lockhrt999

All of the operating systems we use, be it Windows, Linux, Mac, Android or iOS, let any application running in the background read your clipboard.

Be it some proprietary source code, passwords or credit card numbers, I'm always anxious when I'm copying something on my computer or mobile. Many applications (e.g. Truecaller) are always reading your clipboard. Plus on Windows, not only can they see what you copied recently but they can also see the history too.

It literally takes only a few lines of code to read your clipboard and upload it to some server. It's that easy.

I know it's insecure by design. And we are also supposed to remember all of the damn passwords by design, but reality is different.

So can I stop anyone reading my clipboard, be it on Windows or mobile?
 
There's some inbuilt feature I think for clearing out CB once pasted. I have it but am unsure where it is. But if you don't paste, the data remains in memory.
Or why not better use clear clipboard freeware apps?
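
An added example, not code from any poster in this thread: one way to do the "clear after use" idea above on Windows with PowerShell, while also keeping the item out of the clipboard history mentioned in the first post. The function name is hypothetical; this only narrows the exposure window, since any process that reads the clipboard before the timeout still sees the text.

```powershell
# Added example: copy a secret, mark it as excluded from Windows clipboard
# history / cloud sync, and clear it after a timeout.
# Run in an interactive PowerShell session on Windows (STA apartment).
Add-Type -AssemblyName System.Windows.Forms

function Copy-SecretWithTimeout {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Secret,
        [int]$Seconds = 15
    )

    $data = New-Object System.Windows.Forms.DataObject
    $data.SetData([System.Windows.Forms.DataFormats]::UnicodeText, $Secret)

    # Clipboard formats documented by Microsoft: they tell the OS not to keep
    # this item in clipboard history (Win+V) or sync it to the cloud clipboard.
    $zero = [byte[]](0, 0, 0, 0)    # DWORD 0 = "not allowed"
    foreach ($format in 'ExcludeClipboardContentFromMonitorProcessing',
                        'CanIncludeInClipboardHistory',
                        'CanUploadToCloudClipboard') {
        # A stream is written to the clipboard as raw bytes.
        $data.SetData($format, (New-Object System.IO.MemoryStream (,$zero)))
    }

    # $true = the data stays on the clipboard after this call returns.
    [System.Windows.Forms.Clipboard]::SetDataObject($data, $true)

    Start-Sleep -Seconds $Seconds

    # Clear only if the clipboard still holds our secret, so that something
    # the user copied in the meantime is not wiped.
    if ([System.Windows.Forms.Clipboard]::ContainsText() -and
        [System.Windows.Forms.Clipboard]::GetText() -ceq $Secret) {
        [System.Windows.Forms.Clipboard]::Clear()
        return $true     # secret was still there and has been cleared
    }
    return $false        # clipboard content had already changed
}

# Usage (prompts for the value instead of putting it on the command line):
# Copy-SecretWithTimeout -Secret (Read-Host 'Secret') -Seconds 10
```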
 
This cannot be fixed/secured unless the architecture is changed. The clipboard needs to be locked behind a permission gate and access to the resource should be granted to the process the user chooses to paste (Ctrl+V) on by a pop-up or automated only for that instance of "pasting".
Using an app for this if available is against the idea of granting access to 3rd party and will defeat the entire purpose.
 
The KeePass app I use makes use of this to avoid the clipboard - [screenshot: Screenshot_20220528-122005.png]
 
Even if the apps aren't open or running in the background?!
You mean the app that's supposed to read your clipboard? It should be running in the background like a virus.

This cannot be fixed/secured unless the architecture is changed. The clipboard needs to be locked behind a permission gate and access to the resource should be granted to the process the user chooses to paste (Ctrl+V) on by a pop-up or automated only for that instance of "pasting".
Right. That's exactly what I'd like to have. But yeah, as you said, it's nearly impossible to make it foolproof as the flaw lies in the architecture.
 

TikTok caught harvesting user clipboard data. Well, caught is the wrong word; more like one of the admins from China foolishly admitted accessing users' private data by reading the clipboard.

This all proves my point again. All operating systems have a very wide security lapse in the name of the clipboard. How many other apps are harvesting user data like this? We have no idea.

 
I've recently noticed a popup (toast) on my Moto Edge 30 Android 12 phone that says "whatsapp pasted from your clipboard" whenever I do this...
 
I've recently noticed a popup (toast) on my Moto Edge 30 Android 12 phone that says "whatsapp pasted from your clipboard" whenever I do this...
But did you actually paste in WhatsApp? Or was WhatsApp just running in the background?
 
Getting informed about some app which has already stolen your data is as good as not getting informed at all. I don't see the point of these toast notifications.
Right. Earlier, we didn't care because we never knew apps could be looking at our nudes from clipboard. But now we do know who's looking but still can't do anything to stop it.
 
Android is an open world so can't do much about it..
Operating system/Kernel being open source has nothing to do with the issue of a feature of an OS which is a shared resource by default with no authorization required to access it (not entirely true, authorization is required but it's enabled and open by default).
Also it's an issue across all operating systems to my knowledge, be it closed source or open.
 
But did you actually paste in WhatsApp? Or was WhatsApp just running in the background?
Yes whenever I manually paste it shows the popup.

So I'm presuming if an app tries to access the clipboard automatically it should pop up too...
Else the feature is pointless lol
 
This is a problem at enterprise level too. I had implemented a solution for preventing users from copy-pasting between work and personal mobile apps (sometimes the same app, like Outlook) and it works in preventing sensitive data getting pasted into an unmanaged app.

However, my infosec team still marked it as a fail with High risk, stating they could intercept data from the clipboard.

There are a lot of such gaps on mobile apps. Another example is implementing a “web view” for user authentication. User name and password can be taken out by using vulnerabilities of a browser.
 
This is a problem at enterprise level too. I had implemented a solution for preventing users from copy-pasting between work and personal mobile apps (sometimes the same app, like Outlook) and it works in preventing sensitive data getting pasted into an unmanaged app.

However, my infosec team still marked it as a fail with High risk, stating they could intercept data from the clipboard.

There are a lot of such gaps on mobile apps. Another example is implementing a “web view” for user authentication. User name and password can be taken out by using vulnerabilities of a browser.
Talking about Windows, I can write a solution for that. It'll essentially have an alternate clipboard which is managed by the solution and not the OS.

Only problem is that I don't know how to stop other applications saving things directly to the clipboard. So if I could figure out how to stop the 'save to clipboard' function present on Windows.
 