KomodoPlatform / komodo-wallet-mobile

KomodoWallet Mobile codebase
https://komodoplatform.com
MIT License

[security] clipboard handling of sensitive data #28

Closed ca333 closed 9 months ago

ca333 commented 1 year ago

Currently, users are able to copy sensitive data to the clipboard which might expose them to potential security risks, especially in cases of clipboard data leakage or if any malicious application is monitoring clipboard contents.

I propose the following solution:

Disable Clipboard Functionality for Sensitive Data (preferred method): Disable the copy function for sensitive data such as private keys, seeds, et cetera. This will prevent sensitive data from ever reaching the clipboard, thereby securing it.

Alternative: If disabling is not an option due to UX considerations, we could display a big red warning message to inform the user of the potential risks when they attempt to copy sensitive data. Furthermore we could enhance the current implementation to automatically clear the clipboard after a short amount of time or similar.
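The two mitigations proposed above (refuse to copy secrets at all; clear the clipboard shortly after any other copy) can be centralised in one small gateway so no screen calls the clipboard API directly. The following is an added example, not code from the komodo-wallet-mobile repository; it assumes Flutter's `Clipboard` API from `package:flutter/services.dart`, and the class, enum and timeout value are illustrative choices.

```dart
// Added example, not part of komodo-wallet-mobile. Assumes Flutter's
// Clipboard API (package:flutter/services.dart); names below are illustrative.
import 'dart:async';
import 'package:flutter/services.dart';

/// Caller-supplied classification of the value being copied. Anything marked
/// [secret] (seed phrase, private key, ...) is refused before it can reach
/// the system clipboard, which is the issue's preferred mitigation.
enum CopySensitivity { public, secret }

class ClipboardGuard {
  ClipboardGuard({this.clearAfter = const Duration(seconds: 30)});

  /// Maximum time a non-secret value is left in the clipboard (assumed value).
  final Duration clearAfter;

  Timer? _clearTimer;
  String? _lastCopied;

  /// Copies [value] unless it is classified as secret.
  /// Returns true when the value was placed in the clipboard, false when refused.
  Future<bool> copy(String value, CopySensitivity sensitivity) async {
    if (sensitivity == CopySensitivity.secret) {
      // Secrets never reach the clipboard; the UI should offer the
      // "show and let the user transcribe it" path instead.
      return false;
    }
    await Clipboard.setData(ClipboardData(text: value));
    _lastCopied = value;
    _scheduleClear();
    return true;
  }

  void _scheduleClear() {
    _clearTimer?.cancel();
    _clearTimer = Timer(clearAfter, clearIfStillOurs);
  }

  /// Clears the clipboard only if it still contains what this app put there,
  /// so a value the user copied from another app in the meantime is left alone.
  Future<void> clearIfStillOurs() async {
    final current = await Clipboard.getData(Clipboard.kTextPlain);
    if (_lastCopied != null && current?.text == _lastCopied) {
      await Clipboard.setData(const ClipboardData(text: ''));
    }
    _lastCopied = null;
  }

  /// Cancel the pending timer when the owning widget is disposed.
  void dispose() => _clearTimer?.cancel();
}
```

The timed clear only shortens the exposure window for non-secret data; it does nothing against an app that polls the clipboard continuously, which is why the secret branch refuses outright rather than copying and clearing. Pairing the refusal with a visible explanation (the warning the issue suggests) avoids the user reading the disabled copy button as a bug.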

CharlVS commented 1 year ago

@ca333 What about using the native "share to" feature to export as text to the app they select? This allows the text to go directly from our app to the user's preferred storage method. We should still show a warning since we can't guarantee it's safe to share with whichever app they select.

ca333 commented 1 year ago

> @ca333 What about using the native "share to" feature to export as text to the app they select? This allows the text to go directly from our app to the user's preferred storage method. We should still show a warning since we can't guarantee it's safe to share with whichever app they select.

As a general rule we should prevent any type of "sensitive data exportation" - unless the sensitive data is encrypted. Admittedly, if the user installs a malicious app that is able to fetch his sensitive data from clipboard, input stream, et cetera, all hope would be lost anyway; however, we still want to make the bad guys' life ultra hard. So the "optimal" scenario is where a user has an infiltrated device but regardless the malware/bad-guy is not able to (trivially) access the sensitive data.

So if the user wants to "export" priv-keys, seeds, etc., they need to use the native biological tools given by nature (hands, eyes, brain, etc.).

naezith commented 1 year ago
CharlVS commented 1 year ago

In #31, no sensitive info is copied to the clipboard; it uses the "Share to" option instead. This simple solution strikes a reasonable balance between UX and security. We can look at doing something more complex with the multi-account update.