Samsung has acknowledged a significant security flaw in its Galaxy devices that potentially exposes user passwords and other sensitive information stored in the clipboard.
The issue was brought to light by a user identified as “OicitrapDraz” who posted concerns on Samsung’s community forum on April 14. “I copy passwords from my password manager all the time,” the user wrote. “How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.”
In response, Samsung confirmed the vulnerability, stating: “We understand your concerns regarding clipboard behavior and how it may affect sensitive content. Clipboard history in One UI is managed at the system level.” The company added that the user’s “suggestion for more control over clipboard data—such as auto-clear or exclusion options—has been noted and shared with the appropriate team for consideration.”
One UI is Samsung’s customized version of Android that runs on Galaxy smartphones and tablets. The security flaw means that sensitive information copied to the clipboard remains accessible in plain text without any automatic expiration or encryption.
As a temporary solution, Samsung recommended that users “manually clear clipboard history when needed and use secure input methods for sensitive information.” This stopgap measure puts the burden of security on users rather than providing a system-level fix.
Security experts are particularly concerned now that this vulnerability has been publicly acknowledged, as it creates a potential “clipboard wormhole” that attackers could exploit to access passwords and other confidential information on affected devices. Users of Samsung Galaxy devices are advised to exercise extreme caution when copying sensitive information until a more comprehensive solution is implemented.