Microsoft's AI-backed Recall feature sparks cybersecurity debate: Here's why
Microsoft recently announced its AI-powered feature, Recall, which captures everything a user does on their PC. This feature is part of the new Copilot Plus PCs, set to debut on June 18. However, cybersecurity experts have raised concerns about potential security risks, associated with the use of Recall. Despite Microsoft's assurances of data privacy and encryption, experts have identified potential security flaws in the feature that could expose users' data to cyber threats.
Potential security flaws uncovered
Cybersecurity expert Kevin Beaumont has identified potential security issues with Recall. Beaumont, who previously worked at Microsoft, found that the facility stores data in plain text within a database. This could potentially allow cyber attackers to extract this database and its contents using malware. "This database file has a record of everything you've ever viewed on your PC in plain text," warns Beaumont.
Recall's vulnerability to malware exploitation
Beaumont has criticized Microsoft's claim that Recall activity cannot be remotely exfiltrated by a hacker. He explains that the database, stored locally on a computer, can be accessed even without admin rights. This raises concerns about the ease with which malware and attackers could steal information. "Recall enables threat actors to automate scraping everything you've ever looked at within seconds," Beaumont states.
Privacy concerns surrounding Recall option
The announcement of Microsoft's Recall has sparked a swift reaction, with privacy campaigners labeling it a potential "privacy nightmare." The UK's Information Commissioner's Office is also making inquiries with Microsoft over the use of this AI-powered feature. Despite these concerns, Microsoft maintains that Recall is an optional experience, and has built-in privacy controls. However, it does not perform content moderation and won't hide sensitive information, such as passwords or financial account numbers in its screenshots.
Microsoft's response to security concerns
Microsoft's FAQ page does not address the potential for malware to steal the Recall database. The company states, "Recall snapshots are kept on Copilot Plus PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker." Beaumont counters this by explaining that disk encryption is only effective in certain scenarios, and doesn't protect against cyberattacks.
Recall feature may require rework
In light of these security concerns, Microsoft may need to rework the Recall feature. This comes weeks after Microsoft CEO Satya Nadella emphasized the importance of prioritizing security over new features. "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security," Nadella stated in an internal memo.