WaitList.dat, the secret Windows file that could store passwords and private conversations

[Blexfraptor]

Barnaby Skeggs, expert of Digital Forensics and Incident Response (DFIR), has explained the security problems generated by the existence of a hidden file called WaitList.dat. This file is only present in the Windows compilations installed on touch computers in which the handwriting recognition function has been activated. This changes by formatted normal text what we write with the finger or with a pointer.
 

This functionality was introduced with Windows 8 and is still present in Windows 10. This implies that the WaitList.dat file can be in a computer for years without the user suspecting it. As we have said, this function recognizes and suggests corrections on the handwritten text.

According to the security researcher, this file is created as soon as we start using the function. From there, the text of any document or email that we send is indexed in the Windows Search Indexer service stored in WaitList.dat. In addition, we not only talk about file names or metadata, but about the written text itself.

Texts of documents or emails that were even deleted were found on the computer used for the tests. And not only that, Barnaby Skeggs explains that this file could be used to recover text from deleted files because they are still indexed in WaitList.dat.

This already wrote in 2016 about this file, but it has been now when the issue has gone viral something else. This is due to the possibility of using this file to search passwords and other private data on the computer. In addition, an attacker would only have to steal WaitList.dat instead of scanning the entire PC located at:

? \ Users \% User% \ AppData \ Local \ Microsoft \ InputPersonalization \ TextHarvester \ WaitList.dat

At the moment, he has not contacted Microsoft because he thinks it is not a security breach. Users who do not want to be exposed should not activate this function on their touch screen computers.