From the course: iOS Development: Security

Exposing sensitive data through copying and pasting - iOS Tutorial

From the course: iOS Development: Security

Start my 1-month free trial

Exposing sensitive data through copying and pasting

- [Instructor] When the copy and paste text or other data in iOS, the content goes in the pasteboard. The pasteboard is a system-wide shared resource. The text copied in one application can be read by other parts of the same app and by other apps too. Thus, if we allow the copying of sensitive data like passwords of PIN codes, those become available to all apps in the system. In this demo, I'm going to demonstrate the issue with the general pasteboard. I've gone ahead and created a simple app called Pasteboard. If you want to follow along with me, you can the project in the Exercise Files folder, Chapter two, two four, begin. The app has three text fields that resemble a simple login UI. We can enter a Username, Password, and the Password again for validation. Let's the inspect these text views. I'm going open this panel and switch the Attributes Inspector. Now let's select the Username field. As you can see the Content Type is set to Username. For the Password is set to Password, and Repeat Password is also a Password Content Type. Now let's run the demo. I enter secure user for the Username, and SuperSecretPassword for the password. Next, instead of typing the password again in the Repeat Password field, I use the copy and paste feature. Let's copy it and paste it over here. Now let's switch to another app. For example the Reminders app. Let's add a new reminder and I use the paste function again. Let's add a new reminder and I use the paste function again. And our SuperSecretPassword can be seen also here. All the content that gets copied to the general pasteboard is available to all the apps in the system. This is a useful feature but it can also become a vulnerability.

Contents