Microsoft is preparing to launch a new artificial intelligence-based Recall feature that takes screenshots of absolutely everything you do on your computer.
Experts have already tested it and warned that it could be a «catastrophe» for cybersecurity, tells us The Verge.
New opportunities, new vulnerabilities
Recall is part of the upcoming Copilot Plus update that will debut on June 18.
The new feature creates screenshots of absolutely all user actions on the PC and allows you to search for this information in the chronology.
According to the developers, Recall data should be local and confidential and not used to train AI models.
To this end, the developers have provided an opportunity to customize the new feature.
- Recall has an exclusion list where you can add certain URLs and applications and the corresponding data will not be stored.
- Also Recall does not take screenshots in incognito mode of Microsoft Edge, Firefox, Opera, Google Chrome and other Chromium-based browsers.
However, there is a nuance here as well: Recall does not moderate data and does not hide passwords or card numbers in screenshots.
Even the British government is concerned
At the same time, cybersecurity expert and former Microsoft employee Kevin Beaumont said that the feature has some vulnerabilities. After testing Recall last week, he concluded that the received data is stored in the database as plain text.
This greatly simplifies the ability to access databases.
«Screenshots are taken every few seconds. They are automatically recognized by the Azure AI running on your device and written to a SQLite database in the user’s folder», — explains Beaumont on his blog.
To demonstrate these vulnerabilities, the expert stole the Recall database from his PC and uploaded it to a website created specifically for this task. He hid the technical data — «until Microsoft releases this feature, because I want to give them the opportunity to change something»
The database is stored locally on the PC, but it is accessible from the AppData folder if you are an administrator. But Beaumont claims that the database is accessible even without admin rights.
In this way, Recall makes it easier for malware to steal information. This includes InfoStealer viruses, which hackers use to steal and sell information.
«Recall allows you to automate the scanning of everything you’ve ever looked at in seconds», — the expert emphasizes.
Recall will work in Copilot Plus on the new Windows by default.
After the Recall vulnerabilities were made public, many experts called it a real threat to privacy, and the UK government’s Information Commissioner’s Office even sent an official request to Microsoft.
It is significant that the launch of Recall took place just a few weeks after Microsoft CEO Satya Nadella urged employees to make security «the company’s highest priority».