Fix This Mac Security Flaw By Deleting Your Quick Look Cache

A new, unpleasant report making the rounds today is a great reminder that your Mac's Quick Look feature - useful as it might be for previewing files by mashing your space bar - stores information about the contents of encrypted USB drives you've connected to your system.

Your Mac's Quick Look feature is fun and useful, but not helpful if you're connecting encrypted USB drives to your system. Screenshot: David Murphy

In other words, connect a drive that you've previously encrypted through macOS or using a third-party encryption utility, open up its contents on your Mac with Quick Look - clandestine photos of your spy activity, for example - and your Mac will generate a cache of what you've opened. It stores this cache on your (presumably) unencrypted hard drive, and it isn't that tricky to access its contents, including the names and thumbnails of files you've viewed.

If you're pretty privacy-minded and would prefer your Mac not reveal the secret contents of your encrypted USB keys, you have a few ways to combat this issue:

  • Don't let people touch your Mac. To view your Quick Look cache, someone would have to have physical access to your system - as well as a way to bypass your security, authenticate into your machine, and do a bit of snooping. The easiest way to prevent this is to use strong passwords, lock your system with Touch ID (if applicable), and don't let your Mac out of your sight.
  • Encrypt your Mac. If you use FileVault, this entire problem isn't a problem any more. Quick Look will still store cache files on your system, but your system's files will be encrypted themselves. So, even if someone swipes your laptop and tries to get a sense of all the secret things you've been using it to view, they won't get very far unless they can log in as you. And if they can, no encryption in the world is going to stop them from doing or viewing whatever they want (obviously).
  • Delete your Quick Look cache. For a little extra peace of mind, you can simply delete your system's Quick Look cache at regular intervals. Pull up Terminal, type this in, and hit return: qlmanage -r cache

One simple command resets your Quick Look cache and makes the contents of your encrypted USB drives private once again. Screenshot: David Murphy


Comments

Be the first to comment on this story!

Trending Stories Right Now