Subj : Windows 11s AI Recall feature is blasted by a security expert as
To   : All
From : TechnologyDaily
Date : Mon Jun 03 2024 21:15:05

Windows 11s AI Recall feature is blasted by a security expert as one of the 
most ridiculous security failings Ive ever seen

Date:
Mon, 03 Jun 2024 20:00:26 +0000

Description:
Is Microsoft setting fire to its Copilot brand with the Windows 11 Recall 
feature? One expert believes this might be the case.

FULL STORY
======================================================================

Microsoft has already been dragged over the coals regarding its Recall 
functionality inbound for Windows 11 by security researchers and privacy 
watchdogs alike  and itll need a flame-retardant suit for the latest fiery 
outpouring against the AI-powered feature. 

This comes from security expert Kevin Beaumont, as highlighted by The Verge . 
The site notes that Beaumont worked for Microsoft briefly a few years ago. 

To recap  in case you missed it somehow  Recall is an AI feature for Copilot+ 
PCs, which launches later this month and acts as a photographic timeline  
essentially a history of everything youve done on your PC, recorded via 
screenshots that are taken regularly in the background of Windows 11. 

Beaumont got Recall working on a normal (non-Copilot+) PC  which can be done, 
though it isnt recommended performance-wise  and has been messing around with 
it for a week. 

Hes come to the conclusion that Microsoft has made a giant mistake here, at 
least going by the feature as currently implemented  and its about to ship, 
of course. Indeed, Beaumont asserts that Microsoft is probably going to set 
fire to the entire Copilot brand due to how poorly this has been implemented 
and rolled out, no less. 

So, whats the big problem? Well, principally, its the lack of thought around 
security and how theres a major discrepancy between Microsofts description of 
the way Recall is apparently kept watertight and what Beaumont has found. 
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall 
activity remotely.Reality: how do you think hackers will exfiltrate this 
plain text database of everything the user has ever viewed on their PC? Very 
easily, I have it automated.HT detective pic.twitter.com/Njv2C9myxQ May 30, 
2024 See more 

As you can see in the above post on X (formerly Twitter), one of the security 
experts main beef with Microsoft is that it informed media outlets that a 
hacker cant possibly nab Copilot+ Recall data remotely. In other words, an 
attacker would need to access the device physically, in-person  and this isnt 
true. 

In a long blog post on this topic, Beaumont explains: This is wrong. Data can 
be accessed remotely. Note that Recall does work entirely locally, as 
Microsoft said  its just that it isnt impossible to tap into the data 
remotely, as suggested (if you can access the PC, of course). 

As Beaumont elaborates, the other big problem here is the Recall database 
itself, which contains all the data from those screenshots and the history of 
your PC usage  as all of this is stored in plain text (in an SQLite 
database). 

This makes it very easy to snaffle all the Recall-related info of exactly how 
youve been using your Windows 11 PC  assuming an attacker can get access to 
the device (either remotely, or in-person). Analysis: Recall the Recall 
feature, or regret it 

There are lots of further concerns here, too. As Microsoft pointed out when 
it revealed Recall, there are no limits to what can be captured in the 
AI-powered history of the activity on your PC (save for some slight 
exceptions, like Microsoft Edges private browsing mode  but not Chrome 
Incognito, tellingly). 

Sensitive financial info, for example, wont be excluded, and Beaumont further 
points out that auto-deleting messages in messaging apps will be 
screenshotted, too, so they could be accessed via a stolen Recall database. 
Indeed, any message you delete from the likes of WhatsApp, Signal, or 
whatever could be read via a Recall compromise. 

But wait a minute, you might be thinking  if your PC is remotely accessed by 
a hacker, arent you in deep trouble anyway? Well, yes, thats true  its not 
like these Recall details can be accessed unless your PC is actively 
exploited (though part of Beaumonts problem is Microsofts apparently errant 
statement that any kind of remote access to Recall data wasnt possible at 
all, as mentioned above). (Image credit: Milan_Jovic) 

The real kicker here is that if someone does access your PC, Recall seemingly 
makes it very easy for that attacker to grab all these potentially hugely 
sensitive details about your usage history. 

While info stealer Trojans already exist and scrape victims at a large scale 
on an ongoing basis, Recall could enable this kind of personal data hoovering 
to be done ridiculously quickly and easily. 

This is the crux of the criticism, as Beaumont explains it: Recall enables 
threat actors to automate scraping everything youve ever looked at within 
seconds. During testing this with an off the shelf infostealer, I used 
Microsoft Defender for Endpoint  which detected the off the shelve 
infostealer  but by the time the automated remediation kicked in (which took 
over ten minutes) my Recall data was already long gone. 

This is a major part of the reason why Beaumont calls Recall one of the most 
ridiculous security failings Ive ever seen. 

If Microsoft doesnt take action before it ships, mind  as theres still time, 
in theory anyway, although the release of Copilot+ PCs is very close now. 
(However, Recall could still be kicked temporarily to touch while its further 
worked on  perhaps). 

If Recall does ship as its currently implemented, Beaumont advises turning it 
off: Also to be super clear you can disable this in Settings when it ships, 
and I highly recommend you do unless they rework the feature and experience. 

Herein lies another thorny issue: the AI-powered functionality is on by 
default. Recall is highlighted during the Copilot+ PC setup experience, and 
you can switch it off, but the way this is implemented means you have to tick 
a box to enter settings post-setup, and then turn off Recall there  
otherwise, it will simply be left on. And some Windows 11 users will likely 
fall into the trap of not understanding what the tick box option means during 
setup and just end up with Recall on by default. 

This is not the way a feature like this should operate  particularly given 
the privacy concerns highlighted here  and weve made our feelings on this 
quite clear before. Anything with wide-ranging abilities like Recall should 
be off by default, surely  or users should have a very clear choice presented 
to them during setup. Not some kind of weird tick this box, jump through this 
hoop later kind of shenanigans. You might also like... AI surveillance is on 
the horizon, but Mullvad VPN might have a fix Watch out: soon some older PCs 
will lose Windows 11 support Dont make these 5 big mistakes when using 
Windows 11



======================================================================
Link to news story:
https://www.techradar.com/computing/windows/windows-11s-ai-recall-feature-is-b
lasted-by-a-security-expert-as-one-of-the-most-ridiculous-security-failings-iv
e-ever-seen


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.