Microsoft is preparing to launch its Recall feature which utilizes Windows Copilot Runtime to help you find anything you’ve seen on your PC. Experts say it could be a privacy and cybersecurity disaster.
The idea behind Recall is a good one. You remember seeing a good deal on a website but can’t quite remember which one, or which photo had you wearing your favorite hat.
No problem. Recall takes screenshots every few seconds as you use your PC and will help you find what you’re after if you simply describe it.
Do you find the idea of your operating system snapping away to remember all of your activity on your PC a little concerning? Microsoft says there’s no need to worry because none of Recall’s data is sent back to its servers. It all gets stored locally on your machine.
The problem is that it isn’t stored securely and security experts are saying this could make it extremely easy for cybercriminals to steal your sensitive data.
When Recall takes a snapshot of you entering your address, telephone number, or credit card details, it uses OCR (Optical Character Recognition) to extract and then store that data in plain text.
It’s not encrypted and is saved in a plain text database in the AppData folder that anyone with admin rights on the PC can access.
Security researcher Kevin Beaumont says that with Recall “Microsoft are going to deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.”
Beaumont has been testing Recall and demonstrated how easy it would be for someone to access your Recall data.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective pic.twitter.com/Njv2C9myxQ
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Surely Microsoft made it very difficult to access this data by securing the folder, right? Not so much. Beaumont shared a video showing Microsoft engineers simply opening the folder at a demonstration at the company’s Build event.
Watch as Microsoft staff gain access to the Recall database files at the 24 second mark here, you’ll be shocked by their elite hacking skills. pic.twitter.com/RxBQ8iTixw
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Beaumont says “Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds.”
Explaining the severity of the situation he explained, “So prepare for AI powered super breaches. Currently, credential marketplaces exist where you can buy stolen passwords — soon, you will be able to buy stolen customer data from insurance companies etc as the entire code to do this has been preinstalled and enabled on Windows by Microsoft.”
There has been widespread backlash from privacy advocates and security professionals over this. We may even see Microsoft recall Recall before its release later this month.
