Last month, Microsoft announced the upcoming launch of Windows PC Copilot+ with integrated AI hardware and software. One of the features Microsoft touted was Recall, a tool designed to take regular snapshots of PC contents to help users find everything they saw or did on their computer.
It turns out that Recall could be a security nightmare for Windows users. Security expert Kevin Beaumont recently said (via The edge) that it was capable of automating a program that provides plain text data on everything a user has viewed, despite Microsoft’s claims that recall information cannot be exfiltrated remotely.
Beaumont claims that Recall is “essentially an information stealer” included by default in Windows and that it will “set back cybersecurity by a decade by empowering cybercriminals.” With Recall, hackers are able to delete “everything you’ve viewed in seconds” and users should prepare for “AI-powered super breaches.”
Microsoft describes Recall as a feature that lets you “search across time to find the content you need.” Powered by AI, Recall takes snapshots every five seconds when content on screen is different from the previous snapshot and stores the snapshots in a timeline, with AI software using OCR to render the text searchable snapshots. Microsoft says the snapshots are stored locally and analyzed on the device, which should keep them secure, but the OCR data is stored in an SQLite database accessible to hackers who infiltrate a PC using malware.
According to Beaumont, infostealer Trojans can be “easily modified to support Recall” and data for this feature can be accessed remotely. Microsoft “tried to do a bunch of things” to improve security, but ultimately, “none of these measures actually work well in the real world.” The database theoretically accessible to bad actors contains everything a user has seen, such as text messages and passwords, every user interaction, and every website visited (except Microsoft Edge in private mode).
Beaumont hasn’t shared all the technical details about how he automated the Recall database exfiltration and is waiting until Recall ships because he wants to give Microsoft “time to do something” . Beaumont recommends that Microsoft remove this feature at this time.
Copilot+ PCs with Recall are scheduled to launch on June 18. For now, Recall is enabled by default, although users can optionally disable it.
News Source : www.macrumors.com
Gn tech
