Apple - How to secure macOS's clipboard?

No security for data that is in one of the system clipboards is possible by design. This appears to be changing with 2020 features in publicly announced betas where Apple potentially will notify us each time an app copies content out of the clipboard. Some very common apps appear to be abusing the privilege and even if your password manager clears the contents quickly, this could easily be abused to steal keystrokes and passwords or other sensitive data.

The macOS clipboard is a public billboard open to all processes. Clipboard is the mechanism to let all apps read / modify shared data.

Practically you can Either restrict your set of apps installed to those you trust with the data you put in the clipboard or don't restrict sensitive content by never placing it into the clipboard so that the least trusted app only gets data you can permit it to see / log / capture / exfiltrate.

From here, the rabbit hole for developers and security minded people using macOS begins with an overview of secure text input options within programs to prevent key loggers in addition to pasteboard snoopers from grabbing secure input:

  • Technical Note TN2150: Using Secure Event Input Fairly
  • insecure keyboard entry - a blog post by Daniel Jalkut
  • How secure is “Secure Keyboard Entry” in Mac OS X's Terminal?
  • https://arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/

There are some things you can do, however, to mitigate this. Freely available and trustworthy software can show you event taps, key loggers, exfiltration and just communication attempts so you can catch a program that might do things you don’t expect.

  • https://objective-see.com/products/reikey.html
  • https://objective-see.com/products/lulu.html

ReiKey and LuLu are two I would start with to secure yourself and thereby your clipboard contents.


Any process with sufficient permissions can read your clipboard at any time, and you can't easily prevent this. Security is always a trade-off with usability, and this is the choice that most (but not all) OSes take when implementing the clipboard.

Some apps that store sensitive data (e.g. 1Password) implement a timeout such that any information you copy out of that application is cleared from the clipboard a short time later. If you'd like to do something like that globally, you could look at the answers to this previous question for ideas.

Tags:

Macos

Copy Paste

Related

Apple - Finder image icons don't display at size 16x16 but load fine at 20x20 pixels Apple - WhatsApp using huge space on my Mac SSD Apple - Activation lock MacBook to Apple ID? Apple - Lost the Option to Boot into macOS After Windows 10 Bootcamp Installation Apple - Is it possible to create a text list of all my apps on the (Mac) App Store? Apple - Chrome glitching graphics on macbook pro Apple - macOS unattended install Apple - Changing right-hand Command & Alt key order to be like a Windows keyboard Apple - Folder displaying in terminal but not finder Apple - How can I copy application settings from one user account to the other on the same machine? Apple - Why is the System Preferences Dock icon showing a Badge? Apple - What software can turn off Wi-Fi automatically when closing lid?

Recent Posts