Samsung Smartphones May Store Passwords in Clipboard History

Samsung's Android smartphones have been found to retain copied content in their clipboard history, including previously copied passwords. The manufacturer is currently reviewing this issue following reports from concerned users.

Recent discussions in the media have highlighted a user's alarming discovery regarding the Samsung keyboard. This concern is not new; users have noted that the clipboard history on Samsung devices can display sensitive information, such as passwords copied from password managers.

When users tap the clipboard icon during text input, they can access a history of copied entries that may include old passwords. This functionality seems to disregard the source of the data, allowing sensitive information from password managers to remain viewable.

Samsung's clipboard operates as expected, but there is currently no automatic deletion feature for old entries. Users can view their clipboard history by opening the keyboard and tapping the clipboard icon. Additionally, a trash icon is available to delete individual or all entries at once.

This raises security concerns, as applications can access the clipboard and potentially retrieve passwords without authorization. If a device is unlocked, others may also access this sensitive information. Samsung has acknowledged this issue in response to user feedback, indicating that the clipboard is managed at the system level. However, it remains unclear whether this means that other user accounts on the same device can access clipboard entries.

In light of these risks, Samsung has taken note of user suggestions to implement features that would automatically delete clipboard entries after a specified time or allow for exceptions. To mitigate potential dangers, Samsung advises users to clear their clipboard history as needed and to use secure input methods for sensitive data, likely referring to manual entry of passwords.

Concerns about clipboard security have historically emerged in different contexts; for instance, programs have been known to copy data to the system clipboard unnoticed. This issue was notably observed in 2022 with Chromium-based web browsers, where malicious actors could insert harmful content into the clipboard, leading unsuspecting users to execute unwanted commands.

The clipboard functionality on smartphones, particularly those running on Android, continues to be a topic of discussion as users become increasingly aware of the potential vulnerabilities associated with managing sensitive data.