Windows 11 feature that takes thousands of snapshots of your PC called ‘disaster’ by security expert

The controversy surrounding the recently announced Windows 11 Recall feature continues. The UK Data Protection Supervisor has already confirmed that it is “investigating” with Microsoft, while the billionaire CEO of SpaceX, Elon Musk, has warned millions of followers on X to ditch the feature. All this despite the fact that Recall is not yet available on any Windows 11 PC.

Recall is one of several Artificial Intelligence (AI) features coming exclusively to Copilot+ computers. These devices, which include the brand new Surface 7 laptop from Microsoft, require a dedicated Neural Processing Unit (NPU) to handle AI tasks. Samsung, Dell and Asus, among others, have pledged to launch Copilot+ computers.


But ahead of the launch of the first batch of Copilot+ computers on June 18, cybersecurity expert Kevin Beaumont has flagged a number of potential flaws in the Recall feature. Given that Beaumont has worked for Microsoft, he is in a position to comment on this upcoming AI feature.

Recall is the main feature of this Copilot+ PC scheme, which allows you to scroll through everything that has happened on your Windows 11 PC and jump back in time with a click. Everything is searchable as AI has gone through the images and text on the device.

After a week of testing, Kevin Beaumont discovered that Recall stores data in a plain text database. Without encryption, this can make it trivial for a hacker to extract data about everything you have done on your computer.

“Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, run on your device and written to a SQLite database in the user’s folder,” explained Kevin Beaumont in a long blog post criticizing the feature.

“This database file has a record of everything you’ve ever seen on your computer in plain text.”

OCR – Optical Character Recognition – is the practice of digitizing images of typed, handwritten or printed text. Microsoft will use artificial intelligence to transcribe text from web pages, Word documents, PDFs, handwritten notes, and anything else that appears on your computer screen so that everything is instantly searchable.

For example, if you know you were looking at flights to Spain last month, you can search for the destination to find the exact website. With a single click, Windows 11 will call up the document, photo, video or web page to pick up where you left off. You can also move back in time through screenshots, which are recorded hundreds of times every hour and can be stored for months.

Yusuf Mehdi, Chief Marketing Officer at Microsoft, described how Recall works in a company blog: “We decided to solve one of the most frustrating problems we face every day – finding something we know we’ve seen before on our computer. Today, we have to remember what folder the file was saved in, what website it was on or scroll through hundreds of emails trying to find it. Now with Recall, you can virtually access what you’ve seen or done on your computer in a way that feels like you have a photographic memory.”

But cyber security expert Kevin Beaumont has branded the feature a “disaster”, warning that “stealing everything you’ve ever typed or viewed on your Windows PC is now possible with two lines of code”.

As a proof of concept, Beaumont claims to have “automated exfiltration and created a website where you can upload a database and instantly search it” so that anyone can go through the full history of everything seen on screen from the Recall function.

“I’m deliberately holding back the technical details until Microsoft ships the feature as I want to give it time to do something. I actually have a ton of stuff to show and I think the wider cyber community will have a lot of fun with it when it is available... but I also think it’s really sad, as there will be real-world damage,” the former Microsoft employee wrote in the blog post detailing the flaws.

Recall is enabled by default on all Copilot+ computers, although it can be disabled in the settings at a later date. By default, it won’t record screenshots whenever you use a private browsing mode, such as Incognito Mode in Google Chrome, Microsoft has assured PC owners. You can also disable the feature on a per-app basis.

Kevin Beaumont has advised Microsoft not to ship Recall with the first batch of Copilot+ PCs this month as it risks damaging customer confidence in the operating system and desktop functionality. He writes: “In my opinion – they should recall Recall and rework it to be the feature it deserves to be, delivered at a later date. They should also review the internal decision-making that led to this situation, as this should not happen.

“Earlier this month, Microsoft’s CEO sent an email to all of their staff saying ‘If you’re faced with the trade-off between security and another priority, your answer is clear: Do security.’ We’ll find out if he was serious about that email.

“They need to eat modest pie and just take the hit now, or risk customer confidence in their Copilot and safety brands. Frankly, more or less customers are going to cry that Recall isn’t available right away – but they will absolutely be seriously concerned if Microsoft’s response is to do nothing, ship the product, stiffen up a bit, or try to address the issue in the media.”

Recall is one of a number of features that will only appear on Windows 11 devices designated as Copilot+ PCs, which contain a chip with an NPU to handle all AI tasks.

Several other privacy activists have also reacted strongly to Recall’s announcement.

“This could be a privacy nightmare,” Dr Kris Shrishak, an AI and privacy consultant, told the BBC. “Just the fact that screenshots will be taken while using the device can have a chilling effect on people.”

Jen Caltrider, who serves as Program Director for the *Privacy Not Included team at Mozilla, has warned that Recall will give anyone with access to your laptop or desktop computer a treasure trove of personal information, as it contains a categorized list of recent activities.

Caltrider warned: “[This includes] law enforcement court orders, or even Microsoft if they change their mind to keep all this content local and not use it for targeted advertising or training of their online AIs.”

Microsoft says Recall won’t censor or delete information from the screenshots it takes, even when passwords or bank account details are visible on the screen.

In a blog post about the new functionality, which will arrive with the new Surface Laptop next month, the US company wrote: “Recall uses your personal semantic index, built and stored entirely on your device. Your photos are yours; they reside locally on your computer. You can delete individual photos, adjust and delete time intervals in Settings, or stop at any point, right from the System Tray icon on your taskbar.

“You can also filter apps and websites from ever being saved. You’re always in control with privacy you can trust.”

Recall and a number of other AI features will be exclusive to Windows 11 running on so-called Copilot+ PCs, including the recently announced Surface Laptop 7.

But Jake Moore, global cybersecurity adviser at software security firm ESET, said creating and storing more private data through the feature could be a tempting prospect for cybercriminals.

“Enabling a feature that has the ability to capture screen data not only provides even more data to the company behind the software, but also opens up another avenue for criminals to attack,” he said.

“While this feature is not enabled by default, users should be careful to allow any content to be analyzed by AI algorithms for a better experience.

“While it may produce better results, there is a balance to be struck regarding functionality versus privacy and thus users should remain aware of the potential risks if any sensitive data is ever compromised. Creating and storing more private data seems unnecessary when cybercriminals are constantly looking for a particular vulnerability to exploit.”
