The experts showed how iOS apps can steal your data

The clipboard is a pretty simple but versatile tool that can use to our advantage any attacker

Apple is pretty adamant in the issues of security and often a step ahead of hackers and intruders, carefully blocking any manifestation of surveillance users. Sometimes, however, in Cupertino are faced with a dilemma when having to choose the lesser of two evils. This was the case with Siri, which to study, was to record the conversations of users and send the transcript, in fact, encroaching on their privacy. Despite this, the company was able to find a compromise built-in iOS mechanism to ban the audition. But what about the clipboard?

See also: How the iPhone affected the security of Android smartphones

Researchers from the team Mysk found out that any application for iOS, regardless of the source, the default installation has unlimited access to the clipboard, even if other privileges inaccessible to him. Through it they can obtain a wide range of information – from the credentials like usernames and passwords, which are often administered not from memory, but copying it from text documents or password managers, to the current location of the user, even if access to location services at the program there.

How apps are watching you

To demonstrate how easy and simple everything is happening, the developers have created a dummy app KlipboardSpy, which for clarity have been taught to save geolocation information from the copied photos. Since most users do not pay the proper attention to metadata, usually pictures contain the coordinates of the place where they were made. Therefore, if you copy the image itself, the application will be able to pull up from the clipboard and it, and all the metadata that it has.

See also: Apple said for the safety of their products

It turns out that even such a minor from the point of view of functionality a tool, like a clipboard, can become a means of surveillance? Well, by and large it is, because any application has unrestricted access to this system partition. Another thing is that it is impossible to forbid them to refer to the buffer and get the data from there, because in this case lost its essence. But here we need to understand that the application that receives the data from the buffer must be either launched itself, or needs to be run the widget. Just installed but inactive application nothing like can not do.

How to protect from spy on iOS

But this does not mean that to protect yourself from unauthorized access to data impossible. Rather, on the contrary, the realization that the clipboard is a book that can open and read any program regardless of whether you trust her or not, will encourage you to to take care of their own safety. After all only need to follow some simple tips and in any case not to retreat from them.

See also: Security system "Sign in with Apple" questioned

First, you need to carefully approach the issue of downloading new apps. Perhaps this advice will seem too obvious, but, as practice shows, many users indiscriminately downloaded from the App Store, any software, without looking at the reviews, or hoping that the application for creating a family tree fingerprint or measuring blood pressure and heart rate really work.

How to remove metadata from photos on iOS

To access the metadata snapshot may be any application, once you have it copied

Secondly, you need to remove metadata from photos, if you are 100% sure that you need them. To do this go to the Photos app, open any picture and start menu “Share”. In the opened window select “Options” and uncheck the option “All these photos”. Now all the metadata, including the coordinates of the shooting, will be removed and applications will not be able to access them under any circumstances.

See also: Developers 70% of the iOS apps do not care about your safety

Thirdly, try not to store logins and passwords in text documents, not to copy them for authorization. For safe storage you will approach the password Manager, which is now built into most popular browsers, including Safari. But if this storage method you don’t like, download the app like 1Password or LastPass, which have extensions for Safari, and just use the autocomplete feature without storing sensitive information in the clipboard.

Leave a Reply

Your email address will not be published. Required fields are marked *