Windows Is Storing Text From Emails, Analyst Says
Windows Is Storing Text From Emails, Analyst Says
Another potential email privacy issue has arisen, with an analyst charging that Windows is storing text stripped from emails as a function of its Windows Search Indexer function.
The discovery that this touchscreen data could be exposed was made by security researcher Barnaby Skeggs, who last week wrote: “WaitList.dat’ (WaitList) is a data file which has been found to contain stripped text from email, contact and document files.”
Skeggs examined the 140mb ‘WaitList.dat’ file and identified “metadata, and full body text of over 36’000 emails and documents, spanning back 3 years.”
He determined that the data within WaitList is “associated with the ‘Microsoft Windows Search Indexer’ process. This process locks the WaitList file on a live system.”
It is not clear what, if any, harm could ensue.
“There’s an obvious security implication there,” writes Paul Lilly on Hot Hardware. “If an attacker is able to compromise a PC with malware, he or she could focus on the WaitList.dat file and potentially pluck a gold mine of sensitive information. Furthermore, the attacker only need use a set of Powershell commands.”
But Catalin Cimpanu writes on ZDNet that “this file is not dangerous unless users enable the handwriting recognition feature, and even in those scenarios, unless a threat actor compromises the user’s system, either through malware or via physical access.”
Skeggs adds: “Since the release of Windows 8, and the ‘Metro’ interface, touch screen input has been implemented in a rapidly rising number of Windows devices including Microsoft Surface Pro/Book, 2-in-1s, convertible laptops and tablets.”
He continues that “Microsoft has catered for this trend, implementing conversion between touch/pen handwriting to computer text in software such as OneNote.”
(40)