Macs leak sensitive data from encrypted files, even after they’re deleted

A background feature in MacOS called Quick Look is leaking sensitive data even if the content is locked behind password-protected encryption, security experts claim. Introduced in MacOS 10.5 Leopard, Apple designed Quick Look to give you a glimpse into a file without manually opening it with an app. But for the sake of convenience, Quick Look serves up a dish of potential privacy concerns. 

Used by the Finder app in MacOS, Quick Look stores a thumbnail containing the file’s full name, path, and a miniature image of what is stored inside the file, even if it’s password-protected and encrypted. This cached data also isn’t secured: It’s stored openly without passwords or encryption in the user’s TMPDIR directory and accessible to any person or application. The data even remains on the Mac after you reboot the device, delete the original files, and/or disconnect an external storage device. 

mac quick look leaks sensitive data encrypted files sqlite

That said, if someone gains physical access to your Mac device, they can view the contents of any stored file. That makes Quick Look a highly useful tool for forensic investigations, surveillance implants, and for nosy significant others who simply want a quick way to snoop through your files. 

“Imagine having a historic record of the USB devices, files on the devices, and even thumbnails of the files … all stored persistently in an unencrypted database, long after the USB devices have been removed (and perhaps destroyed),” says chief research officer Patrick Wardle of Digital Security. “For users, the question is: Do you really want your Mac recording the file paths and ‘previews’ thumbnails of the files on any/all USB sticks that you’ve ever inserted into your Mac? Me thinks not.” 

The blog builds on a report issued by Wojciech Regula from SecuRing in early June who pointed out that the cached thumbnails remain on a Mac even if the originating files were deleted, previewed on an encrypted drive, or previewed using a TrueCrypt/VeraCrypt container. 

“If you open a folder with files residing on an external drive, thumbnails will be created on the boot drive depending on the file type and the installed Quick Look plugins,” Wardle adds. “The previews, metadata and file paths are stored in SQLite database files deep inside the var folder. The path to this folder contains arbitrary folder names. With the proper commands the preview pics can be extracted from the database.” 

Currently, Mac owners can manually clear the Quick Look cache using the “qlmanage” command. In the latest version of MacOS High Sierra, simply navigate to Launcher > Other > Terminal and type “qlmanage -r cache” at the prompt without the quotes. After that, reboot the Mac and the thumbnails should be gone. 

Product Review

Controversy has dogged the MacBook Pro lately. Is it still a good purchase?

The MacBook Pro is a controversial laptop these days -- and that's unfortunate. Due to some divisive changes Apple made to the functionality of the MacBook Pro, fans are more split. Does the 8th-gen refresh change that?
Computing

Documentation shows data recovery possible for Macs with T2 coprocessor

New documentation from Apple shows that data recovery is indeed possible for Macs with T2 Coprocessor thanks to internal diagnostics software, giving users of the 2018 MacBook Pro new hope in the event of a system failure.
Computing

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.
Mobile

iOS 12 is now available -- here's how to install it on your Apple device

Apple unveiled iOS 12 at this year's WWDC and it's now ready for everyone. Here's how to install iOS 12 on an iPhone, iPad, or iPod Touch using your device's settings or with iTunes on your computer.
Gaming

Dive head first into the best experiences available now on the Oculus Rift

The Oculus Rift brought back virtual reality and put a modern twist to it. Grab your Touch Controllers, put on your VR headset, and jump into the fun with some of the best Oculus Rift games available now.
Computing

Ripple cryptocurrency jumps 70 percent in 24 hours after news of bank deal

The Ripple cryptocurrency has seen its value reach the highest point since late 2017 after a tease from a Ripple Labs regulator suggested it could soon be adopted by banks for international money transfers.
Computing

Google tells lawmakers it allows other apps access to your Gmail

Google admitted to lawmakers in a letter that its privacy policy allows third-party apps access to the email messages of its 1.4 billion Gmail users. Google says the apps need the consent of users before access is granted.
Computing

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

Tired of paying for shipping? Here's how to set up an Amazon Prime account

Want to know how to sign up for Amazon Prime? It's easier than you might think and even comes with a free trial so that you can enjoy all of its benefits for 30 days risk-free. Just follow these steps.
Social Media

Twitter squashes security bug leaking direct messages since 2017

The team at Twitter has discovered and corrected a security bug within one of their developer APIs that has been leaking sensitive information sent via direct messages to business accounts.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Product Review

It's the thinnest touchscreen laptop, but HP's Spectre doesn't sacrifice speed

Our HP Spectre 13 review evaluates the “world’s thinnest touchscreen notebook” to see if it’s possible to make something smaller while increasing its speed and longevity. Spoiler alert -- it is. But does that make it a laptop you…
Computing

What's the best laptop? We've reviewed a lot of them, and this is our answer

The best laptop should be one that checks all the boxes: Great battery life, beautiful design, and top-notch performance. The laptops we've chosen for our best laptops you can buy do all that — and throw in some extra features while…