A team of cybersecurity specialists discovered that LinkedIn can access data stored on the iOS device clipboard without users’ consent.
According to the report, this reprehensible behavior was detected thanks to the beta version of iOS 14, which notifies users when an app or widget accesses clipboard content; this was the way it was discovered that other applications, such as TikTok, have similar behaviors.
Researchers noted that this professional networking platform could access and even copy clipboard content to a MacBook Pro taking advantage of Apple’s Universal Clipboard feature. After the report was revealed, LinkedIn acknowledged the incident and announced the release of a correction.
Via Twitter, one of the researchers described the problem, mentioning that the app was able to copy every keystroke. At the same time, the researcher received notifications about this action on their iPad.
It’s worth mentioning that Apple’s operating systems employ a feature called Universal Clipboard, which allows users to copy text, images, and video between Apple devices without any problem. After enabling this feature, it was very easy for researchers to know which applications or services could access this tool. The notifications feature was implemented starting with iOS 14.
Although multiple services and apps (such as Google Chrome) access the clipboard of users of iOS and Android devices, many specialists consider this to be a feature that should be restricted for multiple apps, as their use could trigger cybersecurity issues.
Erran Berger, vice president of engineering at LinkedIn, acknowledged this problem and attributed it to an equality check between clipboard content and content written on the target application. Berger added that this information is not stored by LinkedIn and that the issue will be fixed shortly.
A few months ago, experts discovered that TikTok was doing the same thing. In response, the application released an update to fix this behavior. Similar research has reported that at least 60 popular apps and services do the same, including AliExpress Shopping App, Call of Duty Mobile, Fruit Ninja, Reuters, Truecaller, among other apps. Developers have set out multiple reasons why they perform these actions, although a considerable portion of them have committed to restricting access to the user’s clipboard in future versions of their apps.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.