13

New iOS10 and macOS Sierra has a feature called universal clipboard. You can copy something (text, image) on one device and paste it on another. How secure is it and does that mean that everything that you'll copy on any device will automatically upload to iCloud?

user179996
  • 365
  • 1
  • 2
  • 7
  • Same question here, I did read it auto deletes after 2 minutes and should be encrypted end-to-end between devices but not sure how reliable the answer is https://discussions.apple.com/thread/7676002?start=0&tstart=0 – user3244085 Sep 24 '16 at 07:43
  • I've heard that Handoff (the feature that allows to sync app state between apps running on Mac and iOS) uses Bluetooth to transmit data. If that's the case there's a good chance the universal clipboard does the same, and then it should be relatively secure, at least against remote attackers. – André Borie Sep 29 '16 at 01:40

1 Answers1

1

Personally, I would not put anything truly sensitive there.

Even if you trust that Apple really encrypts its databases, doesn't give away keys or back doors, the algorithm hasn't been perverted by the NSA, the crypto library isn't buggy, it's also secured in transport with perfect forward secrecy and mutual authentication (no MiTM SSL inspection), RAM is randomized and encrypted, you were not on Wi-Fi/Bluetooth, no renegotiation or compression type garbage... then you still need to consider that every time there is a jailbreak, that means someone has discovered a bug that allows them to completely compromise the security of the endpoint's iOS.

It's another tradeoff of security for convenience. Use it wisely. Consider the risk and manage it. For some uses, it's secure enough. For others, it's not.

Courtney Schwartz
  • 89
  • 7
  • "Secure Enough" that is always the key isn't it? Using 256-bit AES might be secure enough, just like 56-bit DES was. – MikeP Oct 18 '16 at 15:57
  • 2
    IMO this doesn't address the question at all - the question is essentially whether transferring the information over UC is more or less safe than reading the information on one screen and typing it into another device. If one of the devices is jailbroken, the security of the information is already compromised and the method of transmitting information is moot. – Ken Williams Oct 10 '19 at 15:18