Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data
German software engineer Tommy Mysk has developed rogue proof of concept (PoC) app called KlipboardSpy to demonstrate how any cut and paste data stored temporarily on an iPhone or iPad’s memory can be accessed by all apps installed on the specific device. This means that malicious apps could potentially have access to private information such as a user’s GPS coordinates, passwords, banking data, or a spreadsheet copied in an email through analyzing the cut and paste data.
Mysk designed the app to illustrate how any app installed on an iOS device can access clipboard data and subsequently use it to retrieve personal information. Throughout his investigation, Mysk focused on photos taken by a device’s camera, using metadata to pinpoint the user’s geographical location. Apple responded to Mysk’s research, stating that they did not consider its implementation of cut and paste as a vulnerability, but rather a basic function of most operating systems.