Microsoft’s new Copilot AI-based PC history backup feature, Recall, is already being compared to one of the many fictional dystopian tech products discovered in Black Mirror episodes on the same day it was announced last month.
Now that Recall is in the hands of cybersecurity experts, the reaction to Microsoft’s novelty is even worse than critics imagined.
“Stealing everything you’ve ever written or seen on your own Windows PC is now imaginable with two lines of code,” cybersecurity expert Kevin Beaumont, who once worked at Microsoft as a senior risk intelligence analyst, wrote in a new case study. in which he declares the product a “disaster”.
Microsoft’s recall is plagued by security flaws that make a user’s entire computer history, adding passwords and other sensitive information, blatantly available to bad actors.
For those who don’t know, Microsoft recently introduced Recall, a new AI feature built into its Windows operating system. Recall necessarily takes consistent screenshots in the background while a user goes about their daily use of the computer. Microsoft’s Copilot AI then analyzes those screenshots to create a searchable database of one and both actions performed on your computer.
Withdrawal is a bit like the internet history of an internet browser on steroids, in that users can not only search for an internet site that they have already visited, but they can also search for something very specific that they have read or noticed on that internet page. And of course, those features go beyond a user’s browser history and involve all the movements they’ve made on their computer.
After the announcement, cybersecurity experts shared their problems with this feature, especially after Microsoft showed two facets related to Recall: that Recall is enabled by default and that passwords and other sensitive data are not exempt from the old Recall database.
As available, the UK’s Information Commissioner’s Office (ICO) has even announced an investigation into Recall’s security issues.
Beaumont shared a lot of issues with Recall from a cybersecurity standpoint after learning about the feature and how it works.
Their findings largely verify the critics’ considerations and flesh out their general description of the Retreat as a “disaster. “
Beaumont found that Recall effectively records a history of almost everything a user has noticed on their computer. There are some exceptions discovered through Beaumont, such as Microsoft Edge history in personal mode that is stored through Recall. However, the history of Google Chrome in Personal Mode mode is stored. Every action, even anything as small as minimizing a window, is included in Recall. Full-text passwords, monetary details, and other sensitive knowledge are also stored.
The reminder also saves the deleted data. According to Beaumont, Recall will record emails and messages from apps like WhatsApp and keep them, even if they are deleted. In addition, automatically deleted content, such as Signal messages, is also retrieved and stored in the old Recall database.
As Beaumont announces, Recall organizes everything in its knowledge base through apps. This is a hacker’s dream, as they can borrow all their sensitive knowledge in a central location and know precisely which sensitive data is connected to which applications.
While Recall, Beaumont discovered that Microsoft was spreading erroneous data about Recall’s security.
For one, Microsoft claims that Recall’s history is encrypted. This means that if a thief were to get away with a user’s physical PC, they would not be able to borrow the knowledge recorded through Recall. However, this is only true if the thief can’t access the PC at all.
As Beaumont explains, once a user logs into their computer, the encrypted knowledge is decrypted so they can access it. All a hacker wants to do is remotely access a user’s device—a Trojan horse, for example—and then they’ll have access to the computer’s reminder history.
“In fact, you don’t even have to be an administrator to read the database,” Beaumont explained.