This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

🌈 Abstract

The article discusses the security and privacy concerns surrounding Microsoft's new Windows AI tool called "Recall", which continuously takes screenshots of a user's laptop activity and stores them locally. Security researchers have demonstrated that the screenshots are stored in an unencrypted database, making the data vulnerable to potential theft by attackers. The article also covers a tool called "TotalRecall" that can automatically extract and display all the information recorded by Recall, as well as the broader implications of such a feature, including the risks for employers and employees.

🙋 Q&A

[01] Security and Privacy Concerns

1. What are the main security and privacy concerns with Microsoft's Recall feature?

• The screenshots taken by Recall are stored in an unencrypted database on the user's device, making the data easily accessible to potential attackers.
• The Recall database can capture sensitive information such as messages, passwords, and financial details, which could be exploited by criminal hackers or domestic abusers.
• There is a risk of company data being stolen if employees use their personal devices for work under a "bring your own device" policy, especially if they leave the company on bad terms.

2. How have security researchers demonstrated the vulnerabilities of Recall?

• Security researchers have developed a tool called "TotalRecall" that can automatically extract and display all the information recorded by Recall, including the unencrypted screenshots.
• Cybersecurity researcher Kevin Beaumont has also built a website where a Recall database can be uploaded and instantly searched.

3. What has Microsoft said about the security and privacy features of Recall?

• Microsoft's Recall privacy pages state that it is possible to disable saving screenshots, pause the system temporarily, filter applications where screenshots are taken, and delete the gathered data.
• Microsoft also acknowledges that Recall does not perform any content moderation on the saved images, meaning that sensitive information such as passwords or financial details will not be hidden.

[02] Potential Abuse and Recommendations

1. How could Recall be abused by criminal hackers or domestic abusers?

• The unencrypted Recall database could be a "gold mine" for attackers, providing them with detailed information about the user's activities, including emails, personal conversations, and sensitive data.
• Hackers could potentially modify existing "InfoStealer" trojans to target the Recall database and steal user information.

2. What recommendations have security experts made regarding Recall?

• Cybersecurity researcher Kevin Beaumont has suggested that Microsoft should "recall Recall and rework it to be the feature it deserves to be, delivered at a later date", and review the internal decision-making that led to the current implementation.
• The UK's data protection regulator, the Information Commissioner's Office, has asked Microsoft to provide more details about Recall and its privacy features.