Owners of Samsung mobile devices are at risk of losing their passwords due to a rather serious security issue. It turned out that some Galaxy devices running One UI store copied passwords in clear text on the clipboard. This means that it’s not that hard to access them — especially if someone has access to the phone or a malicious app reads the clipboard.
This bug was reported after post a user with the nickname OicitrapDraz on the Samsung community forum. He asked to add an automatic clipboard clearing feature. The man said that he uses the popular KeePass password manager, so he often copies and pastes complex passwords. When he saw that passwords remained in the One UI buffer in plain text, he decided to switch to Google’s Gboard keyboard. But it didn’t help either, as the copied passwords were still stored in the One UI buffer.
This is not a new problem. Gboard, for example, clears the clipboard on its own about every few hours. But One UI doesn’t, so users have to clear the — buffer history themselves and remember to do so. Otherwise, there is a risk that your logins, passwords, or other sensitive data will remain in the buffer.
Samsung’s response was not very encouraging. A company representative wrote the following:
«We understand your concerns about clipboard behavior and its impact on sensitive content. Clipboard history in One UI is managed at the system level. We have passed your suggestion for additional settings, such as auto-cleaning or excluding certain data, to the appropriate team for consideration. In the meantime, we recommend clearing the buffer history manually and using secure input methods for sensitive information.»
In other words, you shouldn’t expect a quick fix, even though users have been complaining about this problem for years. What’s worse, you can’t bypass this system with another keyboard app — the One UI buffer works separately. This means that if you lose your phone or install a malicious app, your data can be accessed by unauthorized persons.
Source: candid
Spelling error report
The following text will be sent to our editors: