As expected, Microsoft's creepy move to spy on everything you do on your PC with Copilot+ Recall has backfired with widespread criticism over the potential privacy issues it could cause.
And, to add fuel to the fire, we now have a more disturbing development that could allow hackers to easily take advantage of a user's Recall data. This is thanks to some key weaknesses that were discovered by Kevin Beaumont, an experienced cybersecurity researcher.
Why is Microsoft Shooting Itself in The Foot?
A video of Recall for reference.
In his detailed blog, Kevin found out that even though all the data is processed locally, when Azure AI automatically OCRs (extracts text from images) the user's screen, it is stored in an SQLite database in the user's folder under a new “CoreAIPlatform” folder inside “AppData”.
That is where the problem lies, Microsoft is banking on the encryption already present on a user's device, and is of the belief that a malicious actor would need physical access to a user's device to compromise Recall data.
But, the thing is, all that data is stored in plain text and a simple InfoStealer Trojan could easily make short work of that, stealing all the information that Recall has collected, with the user being unaware of it.
If you were wondering what kind of information, Recall collects. Well, you already know that it is enabled by default and takes screenshots every few seconds.
So, any app you open, be it a chat application, a browser, the settings app, your password manager, games, and really anything that you have not manually excluded from its settings would be captured.
Not to forget, Recall doesn't censor sensitive information like passwords, financial information, government-issued identification numbers, and more.
Even deleted messages on chat applications like Signal, WhatsApp, Telegram are not safe, as Recall will regrettably be able to “recall” those messages.
Sure, one needs an “Admin” account to access the AppData folder, but, as things stand, that covers the majority of the user accounts that many people use, and access to it is just a matter of a few clicks.
As for how the data looks like, Kevin shared it on X, where you can see that it has the name of the app, and some important attributes related to it.
Of course, this screenshot does not show too much, you will understand why soon.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective pic.twitter.com/Njv2C9myxQ
He also pointed out that hackers could easily modify existing malware to automatically scrape Recall data, with him having already built a website where one could upload a Recall database to instantly search it.
Being a sensible cybersecurity professional, he has held back on the technical details on it and a few other findings, until Microsoft actually launches the Recall feature, giving them time to address these glaring issues.
In the end, it is the user who is at risk, as not everyone takes steps to secure their privacy, and many just go along with what's already configured by their providers (read as the default settings of Windows).
💬 Your thoughts? Is having Recall on your PC a good idea? Let me know below.
Suggested Read 📖
Sourav Rudra
More from It's FOSS...
- Support us by opting for It's FOSS Plus membership.
- Join our community forum.
- 📩 Stay updated with the latest on Linux and Open Source. Get our weekly Newsletter.
