In this context, the TikTok app was the most discussed last week. The developers of this service reacted in the expected way: this is not a bug, but a feature. Regular clipboard request (not at startup, but constantly when entering text) was implemented to identify spammers who post the same text many times. Antispam will be removed from the application with the next update. While there is no direct threat to the security of user data, uncontrolled access carries certain privacy risks. By the way, the “news” was not entirely new: the strange behavior of applications was investigated back in March this year.
The video in the tweet above shows the behavior of the TikTok app: when the user types a message, it reads the buffer every time a space or any punctuation is entered. The detailed description of the problem on the ArsTechnica website explains why this behavior of applications can be dangerous. It is clear that passwords, payment information and other user-sensitive data pass through the buffer. But there is another feature of the Apple ecosystem: if the smartphone is not far from a macOS-based desktop computer, they have a common clipboard. The copied information from the buffer is not erased and remains there until the next operation. It turns out that it is available to developers of popular applications, and if not for the innovation in iOS 14, no one would have known about this behavior.
More precisely, only specialists would know. Back in March, a study was published that identified dozens of applications with similar behavior. Among those accessing the clipboard, ups from popular media, games, and applications for demonstrating weather forecasts were noticed. The clipboard capture is sometimes used for the convenience of the user: for example, when you log into your account, a message is sent to you by email with a code. You copy the code, and it automatically “picks up” when you return to the application.
But this is completely optional functionality, and it is not entirely clear why balls and golf have access to the clipboard. Obviously, in all the mentioned applications, buffer reading was implemented “for the convenience of the user” or, at least, for the convenience of the developers. It is not known what happens next with the copied data. Speaking strictly about malware, clipboard interception is a standard feature for stealing user information, sometimes directly geared towards recognizing and stealing credit card data.
An interesting collision was revealed: the clipboard, by definition, should be available to everyone. This is almost the last outpost of freedom and interaction in modern mobile operating systems, where the further, the more strictly applications are isolated from each other and from user data. But thoughtless access to the buffer, when the user was not going to copy and paste anything, is also not the best practice. It is possible that developers will have to change something in their applications. Otherwise, at least with the release of iOS 14, users will see a lot of the same type of notifications about access to the clipboard.
What else happened
Google Analytics can be used to collect and exfiltrate user data. An expert from Kaspersky Lab analyzes a real attack using an analytics service.
The Nvidia driver update (version 451.48 for most GeForce graphics cards) covers serious vulnerabilities, including arbitrary code execution.
Interesting results of researching a database of billions of passwords collected from leaks. A total of 168 million unique passwords were obtained. Less than 9% of passwords are present in leaks only once, that is, most passwords are most likely to be reused. Almost a third of passwords consist of letters and do not contain numbers or special characters.
An article about the 2017 NotPetya attack on the shipping company Maersk by an IT insider.
The U.S. Congress continuesdiscussion of legislation providing for the presence of "backdoors" in encryption systems on user devices. This approach is criticized by cryptographers: you cannot weaken protection only in the interests of law enforcement agencies. The ability to decrypt data using a "secret key" may eventually be available to everyone.
Akamai reported on June 25on preventing one of the largest DDoS attacks. The article also proposed a new method for measuring attack power: in “packets per second”. This innovation was needed because of the attack properties: each of the attacking systems did not try to “clog” the provider's channel with traffic, but sent small data packets of only one byte in size. At the same time, garbage requests were sent with a high intensity: up to 809 million requests per second.
A database of 40 million "login-phone" pairs in the Telegram messenger got into open access . Among the users who entered the user base, 30% are from Russia. Most likely, the database was collected by abusing the standard functionality of the messenger, which allows you to find users by phone number, if it is recorded in the address book.