search icon
Close

What are you looking for?

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Security Flaw with Samsung Clipboard

(Topic created on: 22-04-2025 08:39 PM)
604 Views

I have this problem too (2)

JAMES4578
Samsung Members Star ★★

‎22-04-2025 08:39 PM - last edited ‎22-04-2025 08:41 PM

Options

Security researchers have identified that Samsung Devices running Android 9 or later  store all clipbopard content including passwords and Banking details in plain text indefinitely without an automatic  deletion  mechanism. It is not possible to auto delete entries after a specific time period  which can result in a security risk, this was recognised by a US Samsung Moderator.The issue will be passed to the developers for a fix but there is no timeframe on that at present.

Most concerning is the threat from malware  which can target clipboard data to steal credentials and financial information. Any sensitive information should be cleared from the clipboard manually. Third party keyboards like Swifkey do automatically clear the contents after an hour,Samsung's  system level  storage will still retain the information though.

It is to do with Samsung's implemetation of the Android Clipboard  API, can see the technical details here https://cybersecuritynews.com/samsung-one-ui-security-flaw/

 

I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.


2 people had this problem.
8 REPLIES 8
arianwen27
Black Belt 

‎22-04-2025 08:43 PM - last edited ‎22-04-2025 08:49 PM

Options
I swear I remember someone made a post here asking how to disable the clipboard save feature. Seems they knew something we didn't.

For right now, as long as you don't use a password manager that copies the password for you to paste, nothing super sensitive should be in there. Though of course you can manually clear it. Now we wait for a fix.

Update. The clipboard has a max of 40 items. So if you copy a lot of things, they are auto deleted. Source: had 40 things, copied something, still said 40 oldest was deleted
Obsydian
Samsung Members Star ★

‎22-04-2025 08:46 PM

Options
Wow, glad I use a password manager for all that auto fill stuff, well until that gets hacked 😂

Noticed when I clean installed UI7 Microsoft Edge now won't autofill my address or credit card without Microsoft Authenticator approval.

I do delete my clipboard daily, but keep a few things pinned, nothing confidential, but deleted with data is never really deleted.

Hope a fix is found, a proper barn door clanger, thanks for the heads up.

2 Decades Samsung Ownership, If my response helps leave a Like and Accept as a Solution
DAILY: ZFold6, Watch Ultra, Fit3, CL Ace 2, BT-W6, 20,000 Power bank, Smart Tags
FAMILY: ZFlip5, ZFlip6, Watch6 Classic, Tab S8 Ultra, Tab S7 Plus, Buds Pro2, Buds3 Pro
OFFICE: Book2 Pro i7, M70A 32”, Logitech K700, MX Ego, M720 Triathlon, Pop, Jabra Evolve2
AV/GAMING: QN95A 50” TV, Q900A, SW900s, 8 Series TV, LG OLED, M70A 43”, Dell Inspiron G5
APPLIANCES: Jet 75 Vacuum, MC32 Oven, American Fridge, 8 Series TV, LG OLED
SPARES: ZFlip4, ZFlip3, Buds1 Pro, Buds2 Pro, Book2 Pro i5, Level Speaker
MAINTAIN: iPhone 14, iPad Air4, iPad Mini4, iPad Pro1 12.9, Watch6

JAMES4578
Samsung Members Star ★★

‎22-04-2025 09:02 PM

Options
In response to arianwen27
Oh right,yes if you copy a lot not so much of a factor.

Still a concern though I would not have anything sensitive in there.

I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.


JAMES4578
Samsung Members Star ★★

‎22-04-2025 09:04 PM

Options
In response to Obsydian
No problem,whilst can take precautions not the full solution.

I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.


0 Likes
Star_girl
Samsung Members Star ★

‎22-04-2025 10:10 PM

Options
Security settings should be more thorough than, for the people who just want to use their phones and are not so much into tech.
Also would the phone's own antivirus detect suspicious malware? Every time I perform a scan it doesn't find any malware, and I trust it. I hope it's accurate.
Sonora
Maestro

‎23-04-2025 06:55 AM - last edited ‎23-04-2025 07:17 AM

Options

It wasn't discovered by a US Samsung moderator, it's been known for years, as it says at the bottom of the text you linked 

 This security flaw has reportedly been known for years, with users across Reddit, XDA, and Samsung forums raising concerns without substantive resolution.

Google search:

https://forums.androidcentral.com/threads/warning-samsung-users.1065119/

https://www.reddit.com/r/samsunggalaxy/comments/mtakqq/how_to_disable_the_clipboard_history_this_is_...

But, if everyone is just now talking about it, my guess is that Samsung has finally patched it.

0 Likes
JAMES4578
Samsung Members Star ★★

‎23-04-2025 10:06 AM

Options
In response to Sonora
I did not say it was discovered by a Samsung Moderator , they did confirm the issue. Yes the flaw has been reported for a number of years,seems whilst Samsung more proactive seems we are still awaiting the patch.

I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.


0 Likes
Sonora
Maestro

‎23-04-2025 10:29 AM - last edited ‎23-04-2025 10:38 AM

Options
In response to JAMES4578

What I noticed is:Regardless of deleting the clipboard, the last copy before deletion can be loaded into the browser's after deletion, so it takes several copies to the clipboard to delete the password if it was the last copy, clean RAM and restarting the phone, because only by restarting the phone does the possibility of copying the last item from the clipboard to Google Translate disappear . So, after deleting clipboard,  a phone restart is also required so that applications like Google Translate can no longer paste the last (deleted) item into the clipboard.