Sign in / up

back to article Samsung admits Galaxy devices can leak passwords through clipboard wormhole

Samsung has warned that some of its Galaxy devices store passwords in plaintext. The Korean giant’s security SNAFU was reported by a user using the handle “OicitrapDraz” in a post to Samsung’s community forum. “I copy passwords from my password manager all the time,” OicitrapDraz wrote on April 14. “How is it that Samsung’s …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pascal Monett Silver badge

    "sloppy security practices"

    Well, we're talking about Borkzilla.

    No surprise there.

    4 3 Reply
  2. CowHorseFrog Silver badge

    How is this not a bug in Android itself ?

    1 5 Reply
    1. big_D Silver badge
      Reply Icon

      Because it seems to be a One UI specific "feature".

      4 0 Reply
      1. CowHorseFrog Silver badge
        Reply Icon

        Are you guessing or do you know ?

        Im pretty sure Android has a clipboard feature and that users and apps can read/write from/to it.

        0 2 Reply
      2. CowHorseFrog Silver badge
        Reply Icon

        Others below say different.

        1 1 Reply
  3. YetAnotherXyzzy

    Bitwarden, and presumably some other password managers, can clear your device's clipboard some seconds after copying a password to it. Which seems to me to be a better way to do this than rely on the OS or a skin provider to try to guess if what you put in the clipboard might be sensitive and to give it special treatment.

    In Bitwarden for Android this is set at Settings - Other - Clear clipboard. I don't recall what the default setting is.

    3 0 Reply
    1. Steve Jackson
      Reply Icon

      In the Bitwarden browser extension and the iOS app, the Clear Clipboard default is 'Never'

      0 0 Reply
  4. Grindslow_knoll

    Default in Keepass

    KeePass (and its forks/variants) clear copied passwords by default after a short timeout.

    0 0 Reply
    1. Guido Esperanto
      Reply Icon

      Re: Default in Keepass

      Whilst the setting exists in keepass...it doesnt actually clear the clipboard.

      I just tested by logging into el reg

      I have mine set to 1m timeout.....and several mins later...still in the clipboard

      0 0 Reply
    2. petef
      Reply Icon

      Re: Default in Keepass

      Not on Samsung.

      I've just verified again that its password clearing is ineffective on my Galaxy A25. It does work on my old Moto g22 and other platforms.

      0 0 Reply
      1. david1024
        Reply Icon

        Re: Default in Keepass

        That makes sense as the skin has modified the clipboard behavior and KeePass would need to clear that clipboard in addition to the standard OS one.

        Which makes it a Samsung problem as they created this new and nonstandard clipboard that has an insecurely implemented feature. And their answer is just "don't do that"... Classic.

        2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like