After running strings to reproduce the issue, Redditer fletom found "names, phone numbers, and emails addresses of several of my friends sitting right there, information I am positive I never put anywhere near this USB key.” DS_Store file copied and hidden on a USB. This is where Reddit’s Netsec entered the picture and several users reported they, too, could see a. In the lab, attempts to recreate a Mac copying “bad” files to a USB drive failed. store.db file that really shouldn't be there.” Yet without access to Alice, then it was unknown if this leakage was due to the way she configured her Mac, a third-party app, or malware. store.db - so it isn't at all obvious with standard forensic tools.į-Secure examined the thumb drive and confirmed that there “was data in the. Only a hex editor view revealed the leaked info embedded within.
From a conventional view, ".store.db" appeared to be identical to "store.db". And that's when he discovered that a file called ".store.db" contained e-mail addresses, subject lines, and in a few cases, the opening sentence of Alice's messages.Īlarmed that such data/metadata was copied to his USB drive, Bob investigated further and found that the information couldn't be seen using a forensic tool designed specifically for viewing such. (And why so many, what do they do?) Being a reverse engineer, Bob naturally examined the files with a hex editor.
And that's typical.īob was curious about the function of the files. Later, Bob inserted the USB drive into his Linux computer and saw Mac files. Alice inserted the USB drive into her Mac, copied the file, and then gave the USB drive back to Bob. Bob gave Alice a file via FAT32 formatted USB drive. Why? Because OS X has been accused of leaking data and metadata that “really shouldn’t be there” as it copies “hidden” files to USB drives.į-Secure’s Sean Sullivan related the following “true story” that involves “unknowns.”īob uses Linux.
If you have a Mac, and if BadUSB or the code released at Derb圜on to make BadUSB work didn’t scare you off from using thumb drives, then you might want to start using a free app like CleanMyDrive.