Windows improves handwriting-recognition skills at the peril of users’ security

Microsoft Surface Pro and Surface Pen 2017
Kyle Wiggers/Digital Trends

Windows has a built-in tool for improving its own handwriting recognition capability, and like many modern, smart features that increase their accuracy over time, it employs user data to do that. Some are concerned, however, that the way it stores that information could prove to be a security risk, as researchers have discovered everything from the content of emails to passwords stored in a single file.

Handwriting recognition was introduced in Windows 8 as part of its big drive toward touchscreen functionality. It automatically translates touch or stylus (these are the best ones) inputs into formatted text, improving its readability for the user, and giving other applications the ability to comprehend it. To help improve its accuracy, it looks at commonly used words in other documents, storing such information in a file called WaitList.dat. But digital forensics expert Barnaby Skeggs has highlighted that it stores just about any text on your system — not just handwritten content.

“Once [handwriting recognition] is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs told ZDnet.

Considering how ubiquitous the Windows search indexing system is, this could mean that the content of most documents, emails, and forms ends up inside the WaitList file. The concern is that someone with access to the system — via a hack or malware attack — could find all sorts of personally identifiable information about the system’s owner. Worse yet, WaitList can store information even after the original files have been deleted, potentially opening up even greater security holes.

This is something that has purportedly been known about in the forensics space for some time and has provided researchers with a useful way to prove the prior existence of a file and in some cases its contents, even if the original had been scrubbed from existence.

Although typically such a potential security hole would warrant contacting Microsoft about the issue before making the public aware of it, Skeggs has reportedly not done so, since the handwriting recognition feature is working as intended. This isn’t a bug, even if it’s potentially exploitable.

If you want to close up that potential security hole on your system, you can delete WaitList.dat manually by going to C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester. If you don’t find that folder, you don’t have handwriting recognition enabled, so you should be secure.

Well, you should be secure against this potential security flaw at least. We’d still recommend you enable Windows Defender and use one of the best anti-malware solutions.

Product Review

Samsung’s quick and versatile Chromebook Pro is the future of Chrome OS

Before the Pixelbook hit the market, the Samsung Chromebook Pro was the first premium 2-in-1 Chromebook of its kind. It's portable, stylus and touchscreen-enabled, and came with the Google Play Store installed right out of the box.
Photography

Adobe’s Premiere Rush is a video-editing app designed for social media projects

At Adobe MAX 2018, Adobe unveiled updates across the board for all of its Creative Cloud apps, from the release of Premiere Rush CC, a social-focused video editor, to Project Gemini, a digital drawing and painting tool.
Emerging Tech

What the heck is machine learning, and why is it everywhere these days?

Machine learning has been responsible for some of the biggest advances in artificial intelligence over the past decade. But what exactly is it? Check out our handy beginner's guide.
Computing

Windows Insiders get fix for October 2018 Update’s data delete bug

Microsoft has patched its October 2018 Update for Windows 10 to include a fix for the data deletion bug that hit a few users upon the initial rollout. Insiders will test it first before it's sent to the full Windows user base.
Computing

Personal info of 30,000-plus Pentagon employees compromised in contractor breach

The Pentagon is facing another security problem after it was discovered that a contractor was responsible for a leak of data that affected more than 30,000 Pentagon employees, both civilian and military.
Computing

Did your Windows 10 audio stop working after the update? Microsoft has a fix

Microsoft has released a small patch for its October 2018 Update build of Windows 10 following some users facing audio issues that resulted in no sound output at all. After this fix, that problem should disappear for good.
Computing

World’s first 49-inch, dual QHD curved monitor tops Dell’s new line of displays

Dell's world's first 49-inch dual QHD curved monitor and other new displays come packed with innovative design features and technologies aimed at meeting demands of workflows everywhere.
Computing

Updated Intel processor benchmarks still beat AMD Ryzen competitor, but by less

After some controversy, updated Principled Technologies testing shows the Intel i9-9900K with a reduced lead over the AMD Ryzen 2700X in benchmarks, and with the AMD Ryzen 2700 X seeing better performance. 
Home Theater

HDMI 2.0b is a whole lot more than just a connection to your TV

HDMI 2.0b is the backbone for many of the latest updates in 4K UHD technology. And while a new cable standard can often involve a bunch of changes for consumers, that is not the case this time around.
Computing

Memory is still expensive, but Intel’s 9th-gen CPU lets you have 128GB of it

Intel's 9-series CPUs have a few exciting things going for them but for some, new support for double height memory modules with a maximum system capacity of 128GB could be one of them.
Computing

Your ‘Do Not Track’ tool might be helping websites track you, study says

New research from the "Do Not Track" features embedded in popular browsers are being ignored, opening up the possibility of consumers having their information targeted by specific ads based on their web histories and cookies. 
Computing

Which is best: The Lenovo ThinkPad X1 Extreme or the 15-inch MacBook Pro?

To try and help nail down the best 15-inch laptops in the world, we compared the Lenovo ThinkPad X1 Extreme vs. MacBook Pro 15 in a head to head that looked at their power, design, and portability.
Computing

Microsoft co-founder, Seahawks owner Paul Allen dies at 65

Microsoft co-founder Paul Allen died on October 15 of complications from non-Hodgkin's lymphoma. The cancer survivor was best known for his entrepreneurial spirit and his frequent contributions to charities.
Product Review

Don't bother with any other 2-in-1. The Surface Pro 6 is still the best

The Surface Pro been updated to its sixth generation, now coming dressed in black and packing a quad-core processor. Outside of that, you’ll have to dig a little deeper to see where Microsoft has made some truly noteworthy improvements.