Microsoft is preparing to launch its Recall feature, which uses Windows Copilot Runtime to provide help to find every part you've seen in your PC. Experts say this might be a privacy and cybersecurity disaster.
The idea behind “recall” is a very good one. You remember seeing a very good deal on an internet site, but you possibly can’t remember exactly what deal you saw or what photo you were wearing your favorite hat in.
No problem. Recall takes screenshots every few seconds while you employ your PC and helps you discover what you're in search of for those who simply describe it.
Does the concept of your operating system remembering all of your activity in your PC seem a bit unsettling? Microsoft says you don't need to worry because none of Recall's data is distributed back to its servers. It's all stored locally in your computer.
The problem is that the info shouldn’t be stored securely, and security experts say this might make it extremely easy for cybercriminals to steal your confidential information.
When Recall takes a snapshot of you entering your address, phone number or bank card information, it extracts that data using OCR (Optical Character Recognition) and stores it in plain text.
It shouldn’t be encrypted and is stored in a plain text database within the AppData folder, which may be accessed by anyone with administrator rights on the PC.
Security researcher Kevin Beaumont believes that with Recall, Microsoft will “deliberately set cybersecurity back a decade and put customers in danger by giving petty criminals more power.”
Beaumont tested Recall and showed how easy it will be for somebody to access your Recall data.
Microsoft told the media that a hacker couldn’t exfiltrate co-pilot+ Access activities remotely.
Reality: How do you’re thinking that hackers will extract this plaintext database of every part the user has ever viewed on their PC? Simple, I've automated it.
HT Detective pic.twitter.com/Njv2C9myxQ
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Surely Microsoft has made it very difficult to access this data by securing the folder, right? Not necessarily. Beaumont shared a video showing Microsoft engineers simply opening the folder during an indication at the corporate's Build event.
Watch Microsoft employees gain access to the recall database files after 24 seconds and also you will likely be shocked by their excellent hacking skills. pic.twitter.com/RxBQ8iTixw
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Beaumont says, “Recall allows threat actors to mechanically scrape every part you’ve ever checked out in seconds.”
He explained the seriousness of the situation: “So prepare for AI-powered super attacks. Currently, there are credential marketplaces where you possibly can buy stolen passwords – soon you’ll find a way to purchase stolen customer data from insurance firms, etc., because all of the code for this has been pre-installed and enabled by Microsoft on Windows.”
This has led to strong reactions from data protection officers and security experts. Microsoft may even recall the software before its release later this month.
