Last month, Microsoft announced the upcoming launch of Windows Copilot+ PCs with built-in AI hardware and software. One feature Microsoft promoted was Recall, a tool designed to take regular snapshots of computer content to help users find everything they’ve seen or done on their computer.
As it turns out, Recall can be a security nightmare for Windows users. Security expert Kevin Beaumont recently said (via threshold) that he was able to automate a program that provides plain-text records of everything a user has seen, despite Microsoft’s claims that Memory information cannot be remotely extracted.
Beaumont claims that Recall is “essentially an info stealer” that comes with Windows by default and will “set cybersecurity back a decade by empowering cybercriminals.” With Recall, hackers are able to scrape “everything you’ve ever seen in seconds” and users should brace themselves for “AI-powered super breaches.”
Microsoft describes Recall as a feature that lets you “search in time to find the content you need.” Powered by AI, Recall takes snapshots every five seconds when the content on the screen is different from the previous snapshot and saves the snapshots to a timeline, with the AI software using OCR to make the text on the picture searchable. Microsoft says the pictures are stored locally and analyzed on the device, which should make them safe, but the OCR data is stored in an SQLite database that can be accessed by hackers who break into a computer using malware.
According to Beaumont, infostealer trojans are able to be “easily modified to support Recall” and data from the feature can be accessed remotely. Microsoft “tried to do a bunch of things” to improve security, but ultimately “none of them work properly in the real world.” The database, which is theoretically accessible by malicious actors, contains everything a user has seen, such as text messages and passwords, every user interaction, and all websites visited (with the exception of Microsoft Edge in private mode ).
Beaumont has not shared the full technical details of how he automated the exfiltration of the Recall database and is holding off until the Recall is sent because he wants to give Microsoft “time to do something.” Beaumont recommends that Microsoft pull the feature for now.
Copilot+ computers with Recall are set to launch on June 18. As of now, Recall is enabled by default, although users can optionally disable it.
#Security #researcher #calls #Windows #Recalls #Screenshoting #Feature #disaster
Image Source : www.macrumors.com
Leave a Reply