Cybersecurity researcher Kevin Beaumont says Microsoft Recall is ” going to deliberately set cybersecurity back a decade & endanger customers.”
Windows Recall is Microsoft’s controversial AI-powered feature that takes snapshots of a user’s activity on their computer. The idea is that it provides a way for users to look back and find files, conversations, pictures, and more, and easily jump back to the selected content. Unfortunately, by default, the feature does not filter out content that a user may not want a record of.
Microsoft has touted the security and privacy it is building into Recall, but experts remain unconvinced. To make matters worse, Beaumont has conclusively disproved one of Microsoft’s most important claims, namely that bad actors will not be able to exfiltrate on-device Recall data.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective pic.twitter.com/Njv2C9myxQ
— Kevin Beaumont (@GossiTheDog) May 30, 2024
It’s just an SQLite database, feature ships in a few weeks – I’ve already modded it into an Infostealer hosted on Microsoft’s Github (a few lines of code)
Microsoft are going to deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.
Read More: Why Windows Recall Is a Nightmare
Adding to the concern is the fact that Recall circumvents security features in other apps. For example, disappearing messages in popular secure messaging apps are recorded in Recall, as Beaumont points out:
Thread’o’rama at the link: https://cyberplace.social/@GossiTheDog/112531054138802168
I’ve tested this with messaging apps like WhatsApp, Signal and Teams.
Somebody message you with disappearing messages? They’re recorded anyway. Write a disappearing message? It’s recorded. Delete a message? It’s recorded.
Beaumont believes the US government should take Microsoft’s actions as a clear indication that the company has learned nothing from the damning CSRB report in the wake of the company’s Exchange breach last year. The report said “Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”
Microsoft has vowed to put “security above all else” in response, reportedly going so far as to link executive pay to the company’s security performance. As Beaumont points out, it’s difficult to reconcile the company’s “security above all else” policy with the implications of Recall.
This post was originally published on 3rd party site mentioned in the title of this site
