© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
Microsoft has been hyping AI PCs for the last few months. The company also recently unveiled a new Windows 11 feature called “Recall”, which takes a screenshot of everything you do on your PC and makes all actions searchable. The tech giant also said that threat actors cannot remotely extract Copilot and Recall activity data, but a security researcher named Kevin Beaumont now claims that the feature stores all data in a plain text SQLite database.
Beaumont also shared an example of the plain text database on X, saying that bad actors can remotely access it even if you are not admin. Since Recall stores all your screenshots in the user folder, it might also be accessed by malware and threat actors who want to steal information.
While information-stealing trojans can already extract sensitive information like card numbers, passwords and more, if they manage to get access to data stored by Recall, they can “automate scraping everything you’ve ever looked at within seconds.”
Around a week ago, the same security expert said that he was able to get Recall working on a machine with an NPU, which Microsoft says is essential for the feature to work.
Microsoft’s FAQ page says that snapshots taken by Recall “are protected using data encryption on your device and Bitlocker”, but Beaumont was quick to point out that all your data is decrypted when you log in to your user account and that encryption only helps when someone physically steals your laptop.
The security researcher demonstrated the same by uploading his Recall database on a website that lets you upload databases and search within them. With Microsoft planning to enable Recall for all Windows 11 when setting up a Copilot Plus PC, this can be a privacy nightmare for users who are unaware of how the functionality works. Currently, there is no way to opt out of the feature, but Microsoft is reportedly considering adding an option that lets you do so during the setup process.
Apart from security researchers, the UK Information Commissioner’s Office has also criticised the feature and is planning to inquire Microsoft about the same. Despite the backlash, Microsoft has time and time again said that Recall is entirely optional and comes with built-in privacy controls.
