Some newer versions of Windows PCs allow you to use them similar to the way you would a mobile phone. Included in this is touchscreen functionality where you can use your finger or a stylus to access files, design graphics and more. However, to use this nifty feature, you must enable the handwriting recognition feature, and by doing so, you could open the doors to your computer harvesting data.

The Discovery

Digital Forensics and Incident Response expert Barnaby Skeggs discovered the file WaitList.dat a few years ago. What’s so special about this file? It is found only on touchscreen capable Windows PCs after the user activated the handwriting recognition feature, according to Skeggs.Upon activation, the file stores text you input into your computer. This can come from a Microsoft Office document, email, or other applications. The goal behind harvesting data was for Windows to make the feature more adaptive, including suggesting words and proper syntax for the user. Skeggs told ZDNet, “In my testing, the population of WaitList.dat commences after you begin using handwriting gestures. This flicks the switch' (registry key) to turn the text harvester functionality (which generates WaitList.dat) on."Skeggs adds, "Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature.”[caption id="attachment_24675" align="alignnone" width="1024"]

Photo by Alphr[/caption]

Consequences of Harvesting Data

This method of collecting texts presents a problem because of its all-encompassing nature. Skeggs notes, “On my PC, and in many test cases, WaitList.dat contained a text extract of every document or email stored on my system, even if the user deleted the source file.”On one hand, this can be beneficial to forensics. If they have access to deleted files thanks to this feature, it makes it easier to conduct investigations into people of interests.

At the same time, there could be consequences to this. If forensics can access it, this means hackers can as well.

Perhaps, your text files contain personal information such as log-ins for bank accounts, financial documents or other items you wouldn’t want a greedy pair of eyes to find. Well, now hackers have another way in. They don’t have to employ brute-force hacking techniques to find your sensitive documents, all they have to do is access the WaitList.dat file that contains all your text information. From there, Skeggs says all a hacker has to do is use powershell commands to find any passwords stored in texts.

How Do I Prevent Apps From Harvesting My Data?

Before downloading or activating a feature, read through its permissions. In this instance, if you don’t activate the handwriting feature, then there’s no need to worry about the file collecting your texts. It’s also wise to refrain from storing passwords or other personal information on documents where hackers can gain easy access. Instead, use a password manager to keep track of the myriad of usernames and passwords we have to remember.Meanwhile, if you become a victim of malware, know we can help. Our team has extensive experience in recovering files for personal users, businesses, and government agencies. Our four-step process includes a free, no-obligation quote so you can see all the solutions available to you. Contact us today to start your case.