Android OS flaw that enables apps to view passwords copied to clipboard...

  • 4 December 2014

Recent news articles pointed out that the Android OS has a flaw that enables any installed app to access information copied to the clipboard. This presents a problem for virtually every password management program (e.g., LastPass, KeePass). See this link for more info: http://www.talkandroid.com/227369-password-managers-on-android-are-not-as-secure-as-one-would-think/
Note: I tested for and verified that this flaw exists by copying a newly created Login and Password that I stored in KeePass, and then using the proof-of-concept app (mentioned in the above article) ClipCaster to see if it could "capture" the data; it did. In other words, password management apps like LastPass and KeePass store logins/passwords and allow users to copy them to the clipboard for easy entering into online forms, etc. The Android OS flaw enables any app to access this data, and requires no extra permissions to do so.
So, I am wondering if there is anything that Webroot can do to protect us from this?

1 reply

Hello!
 
That is a very serious security issue. While Webroot and other AV companies may be able to implement something to help keep this from happening, it is more a coding fault within the OS itself. Google should introduce a patch for this flaw, as that will be the safest and best way to fix the issue.
 
EDIT: Corrected the OS system manufacturer.
