Skip to main content
  1. Home
  2. Computing
  3. News

Windows improves handwriting-recognition skills at the peril of users’ security

Add as a preferred source on Google
Microsoft Surface Pro and Surface Pen 2017
Kyle Wiggers/Digital Trends

Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Some are concerned, however, that the way it stores that information could prove to be a security risk, as researchers have discovered everything from the content of emails to passwords stored in a single file.

Handwriting recognition was introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus (these are the best ones) inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. To help improve its accuracy, it looks at commonly used words in other documents, storing such information in a file called WaitList.dat. But digital forensics expert Barnaby Skeggs has highlighted that it stores just about any text on your system — not just handwritten content.

Recommended Videos

“Once [handwriting recognition] is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs told ZDnet.

Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

PowerShell command:

Stop-Process -name "SearchIndexer" -force;Start-Sleep -m 500;Select-String -Path $env:USERPROFILEAppDataLocalMicrosoftInputPersonalizationTextHarvesterWaitList.dat -Encoding unicode -Pattern "password"

— Barnaby Skeggs (@barnabyskeggs) August 26, 2018

This is something that has purportedly been known about in the forensics space for some time and has provided researchers with a useful way to prove the prior existence of a file and in some cases its contents, even if the original had been scrubbed from existence.

Although typically such a potential security hole would warrant contacting Microsoft about the issue before making the public aware of it, Skeggs has reportedly not done so, since the handwriting recognition feature is working as intended. This isn’t a bug, even if it’s potentially exploitable.

If you want to close up that potential security hole on your system, you can delete WaitList.dat manually by going to C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester. If you don’t find that folder, you don’t have handwriting recognition enabled, so you should be secure.

Well, you should be secure against this potential security flaw at least. We’d still recommend you enable Windows Defender and use one of the best anti-malware solutions.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more
Claude Fable 5 is leaving subscriptions, but maybe not for good
High demand is pushing Claude Fable 5 out of subscriptions for now
Claude Fable 5 and Claude Mythos 5 Official Render

Anthropic’s most advanced publicly available Claude model is still leaving standard subscription access after July 7, but the company is now trying to calm fears that the move is permanent.

Fable 5 recently returned to Claude after drawing scrutiny from the U.S. government. Anthropic said it would be included on Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits through July 7. After that date, the model is set to move to usage-credit billing, meaning users will pay for access outside their regular plan limits.

Read more