Researchers have found a flaw in some iPhone and iPad models that allows the interception of personal data. The commonplace copy-and-paste technique that device owners often use appears to be the achilles heel.
In a disclosure directly to Apple, researchers Talal Haj Bakry and Tommy Mysk found that any application can access copied-and-pasted information captured by the built-in camera app. The key flaw is that that copied data is temporarily stored on the clipboard. Bakry and Mysk say that hackers could access this information to take personal information such as location, passwords, and banking details.
“An average user is very likely to have performed (the related copy/paste steps),” the researchers said. “Copying photos from the Photos app is an increasingly common practice. As a result, the likelihood that a user has left out a photo stored in the pasteboard is alarmingly high. With that, the user has exposed their precise location information to any app that is used after this point of time, regardless of whether the app is granted access to location services or not.”
Geo-location a particular problem
Malicious apps are nothing new, but device users simply can’t be too careful anymore.
This flaw gives hackers another way into our phones and tablets, and that can put people’s lives in danger in some places around the world. Bakry and Mysk consider the location leak “very critical” because it divulges the user’s precise location information without the user's consent.
“Exposing such precise location information can be life-threatening in some parts of our world,” they said.
Is there a fix?
The flaw has been reported to Apple, and the researchers even went as far as building an app that might fix the issue. But until the company decides whether it wants to address the issue, there doesn’t seem to be a workaround other than just not copying and pasting.
If Apple decides what the researchers found is, in fact, a flaw, it’s usually quick to respond to things of this nature. iPhone and iPad owners can probably expect the issue to be addressed in an upcoming system software release.
ConsumerAffairs reached out to Apple for comment and additional insight into the researchers’ findings but had not received a response as of press time.