Cybersecurity

Microsoft Copilot+ Recall feature can ‘set cybersecurity back by a decade’, claims expert


Microsoft introduced the Recall search feature for Windows 11 PCs at its Surface event last month. The feature uses artificial intelligence (AI) to log user’s activity, including apps used, websites visited, documents viewed, live meeting transcripts, and more.

The feature has received mixed reactions. In a series of posts on X (formerly Twitter), security expert Kevin Beaumont claims that he was able to automate a program that successfully provided text data of everything a user has viewed on his computer.

He alleges that Recall feature is an ‘infostealer’ and that Microsoft will “deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.”
Windows Recall feature takes screenshot every second
“Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder,” explains Beaumont in a detailed blog post. “This database file has a record of everything you’ve ever viewed on your PC in plain text.”

“My feeling is unless Microsoft’s senior leadership actually *does something* about reviewing Recall, the US Government and others should consider they haven’t taken the CSRB report seriously at all,” he writes.


Disappearing messages shared via WhatsApp, Signal gets recordedThe security expert claims that he tested the Recall feature with messaging apps like WhatsApp, Signal and Teams. “Somebody message you with disappearing messages? They’re recorded anyway. Write a disappearing message? It’s recorded. Delete a message? It’s recorded.” he states.

How does the Recall AI feature work
In a demo at Surface event last month, a Microsoft representative showed how Recall could find a specific blue dress the user had previously viewed on Pinterest by searching with their voice. The tool could also locate an exact PowerPoint slide and pull up a quote from a Teams meeting based on the user providing contextual clues.

Microsoft says all data capture and processing is done locally on the device to protect user privacy. The data will not be used to train Microsoft’s AI models. Users can pause or delete the data capture and exclude sensitive apps or websites. A minimum of 256GB storage is required, with 50GB free space to use Recall.



Source

Related Articles

Back to top button