Microsoft's New Recall Feature Raises Security Concerns

Microsoft’s New Recall Feature Raises Security Concerns

Microsoft is gearing up to introduce a new AI-powered feature called Recall, set to launch alongside Copilot Plus PCs on June 18th. While Recall promises to revolutionize how users interact with their computers by enabling quick and easy retrieval of screenshots, cybersecurity experts are sounding the alarm about potential security vulnerabilities.

Recall works by employing local AI models to capture screenshots of everything a user does on their PC. These screenshots are then stored locally, allowing users to search and access their activities effortlessly. Despite Microsoft’s assurances that Recall prioritizes user privacy and security, concerns have been raised by security researcher Kevin Beaumont.

Beaumont, who has been testing Recall, discovered that the feature stores data in a plaintext database on the user’s device. This means that potentially sensitive information, including everything viewed on the PC, is stored in a format that could be easily accessed by attackers. According to Beaumont, the database is accessible from the AppData folder, even for non-administrative users.

In a detailed blog post, Beaumont highlighted the security risks posed by Recall’s data storage methods. He criticized Microsoft for downplaying the potential for remote extraction of Recall activity, pointing out that the plaintext nature of the database makes it susceptible to exploitation by malware.

The revelation of these security flaws raises concerns about the safety of users’ data and privacy when using Recall. While Microsoft has emphasized the local and private nature of Recall’s operation, the vulnerability exposed by Beaumont underscores the need for thorough security assessments and safeguards in AI-powered features.

As Microsoft prepares to roll out Recall and Copilot Plus PCs, it is imperative for the company to address these security concerns and ensure that users’ data remains protected from potential threats. In an increasingly digital world where privacy and security are paramount, the integrity of AI-powered technologies like Recall must be rigorously maintained to safeguard user trust and confidence.

author avatar
Share This


Wordpress (0)
Disqus (0 )