
Microsoft's Recall AI Declared Insecure by Expert Before Launch

Uh-oh, Microsoft, it doesn't look like you will be able to earn users' trust with things like this.

As expected, Microsoft's creepy move to spy on everything you do on your PC with Copilot+ Recall has backfired with widespread criticism over the potential privacy issues it could cause.

And, to add fuel to the fire, we now have a more disturbing development that could allow hackers to easily take advantage of a user's Recall data. This is thanks to some key weaknesses that were discovered by Kevin Beaumont, an experienced cybersecurity researcher.

Why is Microsoft Shooting Itself in The Foot?

A video of Recall for reference.

In his detailed blog post, Kevin explains that even though all the data is processed locally, when Azure AI automatically OCRs (extracts text from images) the user's screen, the result is stored in an SQLite database in the user's folder, under a new “CoreAIPlatform” folder inside “AppData”.

That is where the problem lies: Microsoft is banking on the encryption already present on a user's device, and is of the belief that a malicious actor would need physical access to a user's device to compromise Recall data.

But, the thing is, all that data is stored in plain text and a simple InfoStealer Trojan could easily make short work of that, stealing all the information that Recall has collected, with the user being unaware of it.

If you were wondering what kind of information Recall collects, well, you already know that it is enabled by default and takes screenshots every few seconds.

So, any app you open, be it a chat application, a browser, the settings app, your password manager, games, and really anything that you have not manually excluded from its settings would be captured.

Not to forget, Recall doesn't censor sensitive information like passwords, financial information, government-issued identification numbers, and more.

Even deleted messages on chat applications like Signal, WhatsApp, and Telegram are not safe, as Recall will regrettably be able to “recall” those messages.

Sure, one needs an “Admin” account to access the AppData folder, but, as things stand, that covers the majority of the user accounts that many people use, and access to it is just a matter of a few clicks.

As for what the data looks like, Kevin shared it on X, where you can see that it has the name of the app and some important attributes related to it.

Of course, this screenshot does not show too much; you will understand why soon.

He also pointed out that hackers could easily modify existing malware to automatically scrape Recall data, and he has already built a website where one could upload a Recall database to instantly search it.

Being a sensible cybersecurity professional, he has held back the technical details of it and a few other findings until Microsoft actually launches the Recall feature, giving them time to address these glaring issues.

In the end, it is the user who is at risk, as not everyone takes steps to secure their privacy, and many just go along with what's already configured by their providers (read as the default settings of Windows).

💬 Your thoughts? Is having Recall on your PC a good idea? Let me know below.
