
Critical Security Issue with Samsung Keyboard Clipboard in DeX Mode

(Topic created: 10-11-2024 03:18 AM)
santafe

Hello Samsung,

After using my brand-new Galaxy Tab S10+ for a few days, I realize that there is a serious, non-circumventable security issue for DeX users due to Samsung enforcing the Samsung Keyboard in DeX mode together with an enforced clipboard history. This also applies when using a physical keyboard, since there is still the Samsung keyboard active in the background.

It is already a hard limitation to disallow the user to use third-party keyboards. But the primary issue here is that Samsung Keyboard stores clipboard contents indefinitely, including sensitive data such as passwords, private messages, and financial details. There is no option to disable this clipboard history, leaving sensitive information exposed to potential misuse. Anybody with the unlocked device in his hands could quickly and easily steal sensitive information from the clipboard history. In combination with the browser history, logins can be reconstructed very simply. For DeX users handling business data, this risk is magnified.

This poses a critical privacy and security vulnerability, especially in professional environments where data confidentiality is paramount. Additionally, password manager apps like KeePass derivatives are also badly affected by this, since it breaks non-clipboard based solutions to filling forms.

I find it hard to believe that Samsung, who is putting much effort into security, exposes its users to such a risk.

I propose the following solutions for this:

1. Add an Option to Disable Clipboard History: Users should have control over whether clipboard contents are stored by the keyboard, similar to features found in third-party apps.

2. Implement Automatic Clipboard Clearing: Introduce a feature that automatically clears the clipboard after a specified time and/or when locking the device, ensuring that sensitive data doesn't persist unnecessarily.

3. Enhance Transparency: Samsung should clearly communicate to users when clipboard contents are stored and provide frequent prompts to clear the history after handling sensitive information.

4. Enable Third-Party Keyboard Support in DeX: Allow users to choose their favorite keyboard.

Without these changes, DeX users are forced to rely on manual clipboard clearing, which is impractical and insecure for those dealing with confidential information on a daily basis.

Thank you for your attention, I hope this will be heard.

1 Reply
You just open the clipboard, press on the item you want to delete, and delete it.
0 Likes