Samsung acknowledged that certain Galaxy devices running One UI retain clipboard contents—including passwords copied from password managers—in plaintext indefinitely. A user reported that sensitive credentials remain accessible until manually cleared, creating a potential treasure trove for malware or malicious apps. Samsung advised manual clipboard clearing and secure input methods while promising to evaluate auto-clear or exclusion features in a future update.
Source: https://www.theregister.com/2025/04/28/security_news_in_brief/
TPRM report: https://scoringcyber.rankiteo.com/company/samsungmobile
"id": "sam600042825",
"linkid": "samsungmobile",
"type": "Vulnerability",
"date": "4/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Electronics',
'location': 'Global',
'name': 'Samsung',
'type': 'Corporation'}],
'attack_vector': 'Clipboard data retention',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive credentials',
'Passwords']},
'description': 'Samsung acknowledged that certain Galaxy devices running One '
'UI retain clipboard contents—including passwords copied from '
'password managers—in plaintext indefinitely. A user reported '
'that sensitive credentials remain accessible until manually '
'cleared, creating a potential treasure trove for malware or '
'malicious apps. Samsung advised manual clipboard clearing and '
'secure input methods while promising to evaluate auto-clear '
'or exclusion features in a future update.',
'impact': {'data_compromised': ['Sensitive credentials', 'Passwords'],
'systems_affected': ['Galaxy devices running One UI']},
'response': {'remediation_measures': ['Manual clipboard clearing',
'Secure input methods']},
'title': 'Samsung Clipboard Vulnerability',
'type': 'Vulnerability',
'vulnerability_exploited': 'Plaintext clipboard retention'}