In this video, view a demonstration of the copy-paste vulnerability.
- [Instructor] When we copy and paste text or other data in iOS, the content goes in the pasteboard. The pasteboard is a system-wide shared resource. The text copied in one application can be read by other parts of the same app and by other apps too. Thus, if we allow the copying of sensitive data like passwords or PIN codes, those become available to all apps in the system. In this demo, I'm going to demonstrate the issue with the general pasteboard.
I've gone ahead and created a simple app called Pasteboard. If you want to follow along with me, you can find the project in the Exercise Files folder, Chapter two, two four, begin. The app has three text fields that resemble a simple login UI. We can enter a Username, Password, and the Password again for validation. Let's inspect these text views. I'm going to open this panel and switch to the Attributes Inspector.
Now let's select the Username field. As you can see, the Content Type is set to Username. For the Password, it is set to Password, and Repeat Password is also a Password Content Type. Now let's run the demo. I enter secure user for the Username, and SuperSecretPassword for the password.
Next, instead of typing the password again in the Repeat Password field, I use the copy and paste feature. Let's copy it and paste it over here. Now let's switch to another app. For example, the Reminders app. Let's add a new reminder and I use the paste function again. And our SuperSecretPassword can be seen also here.
All the content that gets copied to the general pasteboard is available to all the apps in the system. This is a useful feature but it can also become a vulnerability.
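One way to limit the exposure shown in the demo, as an added example that is not code from the course or its exercise files. The class name `NoCopyTextField`, the helper `SensitivePasteboard`, and the 60-second lifetime are assumptions made for illustration.

```swift
import UIKit

/// Text field for secrets (hypothetical name): removes Copy and Cut from the
/// edit menu so the value is never written to the general pasteboard.
final class NoCopyTextField: UITextField {
    override func canPerformAction(_ action: Selector, withSender sender: Any?) -> Bool {
        let blocked: [Selector] = [
            #selector(UIResponderStandardEditActions.copy(_:)),
            #selector(UIResponderStandardEditActions.cut(_:))
        ]
        if blocked.contains(action) { return false }
        return super.canPerformAction(action, withSender: sender)
    }
}

/// Hypothetical helper for values the user must still be able to copy,
/// such as a one-time code.
enum SensitivePasteboard {
    /// Copies `text` to the general pasteboard with two restrictions:
    /// - .localOnly keeps the item on this device (no Universal Clipboard).
    /// - .expirationDate makes the system drop the item after `lifetime` seconds.
    /// Other apps on this device can still read the item until it expires.
    static func copy(_ text: String, lifetime: TimeInterval = 60) {
        // UTI for plain UTF-8 text; the pasteboard item maps type -> value.
        let item: [String: Any] = ["public.utf8-plain-text": text]
        // UIPasteboard.OptionsKey is the Swift 4.2+ spelling of the options type.
        let options: [UIPasteboard.OptionsKey: Any] = [
            .localOnly: true,
            .expirationDate: Date().addingTimeInterval(lifetime)
        ]
        UIPasteboard.general.setItems([item], options: options)
    }
}
```

Setting the custom class on the Password and Repeat Password fields removes the copy step used in the demo, while the helper only shortens the window during which another app can paste the value.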
Released 10/26/2018

- Encryption, code signing, and sandboxing
- Preventing pasteboard leakage with and without coding
- Working with the keychain
- File data protection
- Securing apps using biometrics
- Implementing Touch ID and Face ID
- Performing asymmetric encryption and decryption
Skill Level Intermediate
Video: Exposing sensitive data through copying and pasting