Recall, the computer history saving function supported by Microsoft’s newly launched Copilot+ AI has been compared to one of the many fictional dystopian tech gadgets found in the series black mirror on the day the news was announced last month.
Now that Recall is in the hands of cybersecurity experts, the response to Microsoft’s new feature has been somewhat worse than critics imagined.
Cybersecurity expert Kevin Beaumont, who previously worked as a senior threat intelligence analyst at Microsoft, writes in a new report: “It now only takes two lines of code to steal everything you have on your Windows PC. Everything entered or viewed on. Actual review of recallsin which he declared the product a “disaster.”
Microsoft’s Recall is apparently riddled with security holes that make a user’s entire computer history, including passwords and other sensitive information, publicly available to bad actors.
Microsoft is investigating a new ‘recall’ AI feature that tracks your every computer move
What is Microsoft’s Copilot+ Recall?”
For those who don’t know, Microsoft recently launched Recall, a new artificial intelligence feature built into its Windows operating system. Recall essentially takes screenshots continuously in the background while the user is using their computer on a daily basis. Microsoft’s Copilot+ AI then scans each screenshot to create a searchable database of every action performed on the computer.
Memories is a bit like a web browser’s web history, in that users can search not only for sites they’ve visited before, but also for very specific content they read or saw on that page. Of course, these capabilities extend beyond a user’s browser history and include every action they take on their computer.
Immediately after the news was released, cybersecurity experts shared their questions about the feature, especially after Microsoft confirmed two relevant aspects of Recall: Recall is enabled by default, and passwords and other sensitive information are not exempt from Recall. historical database.
Mix and match speed of light
Based on available information, the UK Information Commissioner’s Office (ICO) has even announced investigation It also involves the security issue of Recall.
Microsoft recalls burned
After experiencing the feature and how it works, Beaumont shared a number of questions with Recall from a cybersecurity perspective.
His findings largely support critics’ concerns and flesh out his overall description of the recall: a “disaster.”
Memories bring back memories everything
Beaumont found that Recall did keep a history of almost everything a user had ever seen on their computer. Beaumont found some exceptions, such as Recall not saving Microsoft Edge history when in private mode. However, Google Chrome’s history in private mode yes Saved. Every action, even something as small as minimizing the window, is contained in Recall. Full-text passwords, financial details and other sensitive data are also saved.
Memories can also be saved deleted data. Beaumont said Recall will save emails and messages from apps like WhatsApp and retain them even if the emails and messages are deleted. In addition, automatically deleted content such as signal messages will also be captured and saved in Recall’s history database.
As Beaumont points out, Recall organizes everything in its database by application. It’s a hacker’s dream because they can steal all of your sensitive data in one central location and also know exactly which sensitive information is associated with which applications.
Microsoft was wrong about Recall security
While using Recall, Beaumont discovered that Microsoft had been spreading incorrect information about Recall’s security.
First, Microsoft has always claimed that Recall history is encrypted. This means that if a thief escapes with the user’s physical computer, they won’t be able to steal the data saved by Recall. However, this is only the case if the thief cannot access the computer at all.
As Beaumont explained, once users log into their computers, the encrypted data is decrypted so they can access it. All a hacker needs to do is gain remote access to a user’s device through a Trojan horse virus, etc., and then they can access the computer’s recall history.
“In fact, you don’t even need to be an administrator to read the database,” Beaumont explained.
