Most of use have a habit of storing login credentials for each website in a text file or in notes app on our device and whenever we want to login to any website, we conveniently copy the username/password and paste it into login form fields of the website we want to get in.
Of course lot of websites do restrict copy-pasting of passwords in the login fields, however a large majority of website do allow copy-pasting of login credentials and this is where it gets dangerous. The situation can easily turn disastrous if someone sitting other side of the world could sniff your password that is stored in your clipboard when you copied it.
You will never hear any security personnel or any website owner saying, they are completely hack-proof, because the truth is there is nothing called hack-proof and but the noobs just don’t admit it.
The hackers have been stealing credit card data, social security numbers and off course your online identity with very simple yet powerful techniques like phishing.
Do you know all most all of the popular companies have a hack history? Yes, companies like Twitter, Facebook, Google, Microsoft and even NASA have faced terrible hacking attacks. No matter what security software or firewall one is using, nobody is 100% hack proof and so you are.
Now lets get back to the topic we are discussing here, almost everyone of us are good at copy-paste work, right? isn’t it so simple just press Ctrl+C to copy and Ctrl+V to paste. So much so that we even copy-paste our password in the login fields and that’s where comes the biggest Risk.
Believe me it’s not at all safe and actually, it doesn’t really matter how complex or large your password is, if you use copy-paste option to enter password using any browser such as Internet Explorer then you are at a big risk my dear.
Most of us are active on many websites including social networks and as a best practice we use different passwords on each website, but gradually it becomes tedious to remember so many passwords and we end up creating an excel sheet or text document of our passwords and later we just copy-paste whenever required. So we finally make that small mistake which is enough for the cyber criminals.
How is this possible – stealing clipboard data?
Try it yourself!
Works only on Internet Explorer
- Copy any random text from this page or from your PC.
- Open Internet Explorer browser and go to https://www.hacker9.com/your-clipboard-data
You will see your last clipboard data in the message box, Surprised?,. you shouldn’t be. If you are using latest version of Internet Explorer, you will be asked to choose whether you want to allow the webpage to access your clipboard data or not.
var content = clipboardData.getDataundefined”Text”);>
The script works only on internet explorer, and not on other browsers like Chrome, but this doesn’t mean, you are safe. Most modern browsers like chrome, Firefox, etc. support extensions or addons. These are extra piece of codes that you can install into your browser to extend functionality. These extensions can easily see and copy your clipboard data.
As you have seen, the script above has successfully displayed your last copied text, its also possible to save or send that data to hackers server and access it later on.
This test proves that it is totally unsafe to copy-paste passwords or any other sensitive data like credit card details, bank details, etc. in the browser, Since it is extremely easy to extract the text stored in the clipboard to steal your sensitive information.
Protection for IE users:
To avoid clipboard hijacking, do the following:
- Go to “internet options and security”.
- Press “custom level”.
- In the security settings, select disable under “Allow paste operations via script”.
Now the contents of your clipboard are safe. Please forward this article to as many friends as you can to make them aware of this issue.