mitro-co / mitro

Repository for all Mitro client & server code
GNU General Public License v3.0
1.65k stars 242 forks source link

Android app vulnerable to clipboard hijacking #6

Open vijayp opened 10 years ago

vijayp commented 10 years ago

This application is vulnerable to clipboard hijacking when using clipboard for copying http://fc13.ifca.ai/proc/4-2.pdf

michaelbarlow7 commented 10 years ago

Has there been any work done on the proposed "USecPassBoard" ? Or is it just a theoretical solution at the moment?

evanj commented 10 years ago

Certainly there isn't any work that has been done as part of Mitro.

emilecantin commented 10 years ago

Keepass2Android implements a keyboard, and is open-source. Might be worth a look:

https://keepass2android.codeplex.com/SourceControl/latest#src/KP2AKeyboard/

luckyagarwal3247 commented 10 years ago

Hi,

I am working on solutions to the clipboard vulnerability as part of my masters thesis, currently in the process of designing my own variant of USecPassBoard.

Can anybody point me to helpful resources and/or research done in this domain.

Thanks

emilecantin commented 10 years ago

As I said, look at Keepass2Android.

forteller commented 9 years ago

How is the progress on this? Thanks!

vijayp commented 9 years ago

@forteller From what I can tell, no one is actively working on this. Please feel free to submit a pull request and someone will review!

forteller commented 9 years ago

Unfortunately I'm no coder. But EFF said they where working on fixing this. Disappointing if they've abandoned it. https://www.eff.org/deeplinks/2014/07/mitro-a-new-free-password-manager

evanj commented 9 years ago

Well, if you read the EFF's blog post, they never say they are going to be contributing or working on it. I don't work for or speak for the EFF, but they do believe that having a free, open source, trusted and reviewed password manager would be good for user's privacy and security. Hence, when we open sourced it, they helped us promote that, in the hopes that it might become a self-sustaining project.