Microsoft's new AI feature, Recall, has come under scrutiny for security and privacy concerns. Despite Microsoft's large security teams, Recall appears to have bypassed thorough security reviews. The feature, which allows users to search computer history via screenshots, stores data locally but in plaintext, making it vulnerable to hacking. A tool called TotalRecall has been developed to exploit this vulnerability. Microsoft's rush to market, driven by hardware delivery dates for Qualcomm-powered laptops, is believed to have compromised security measures. Although Microsoft Research's chief scientist Jaime Teevan has downplayed these concerns, security experts remain skeptical. Alexander Hagenah has developed a proof-of-concept to extract data from Recall, further highlighting the security flaws. Additionally, the data is stored in a non-encrypted SQLite DB.
Should you be concerned about Microsoft Recall? Microsoft Research's chief scientist Jaime Teevan wasn't willing to address possible security risks https://t.co/IJll50SMN2 https://t.co/zxXjE3QKtc
"We are rethinking what data means and how we use it, how we value it, how it gets used." A top Microsoft scientist doesn't have too many reassurances for those concerned about Windows Recall, which seems to store snapshots in a non-encrypted SQLite DB https://t.co/ooTJE81v9V
Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall. Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed https://t.co/Aubbx6rray
Excited (or worried) about Windows Recall AI feature? Mac has had it for two years https://t.co/DZpmflI1PG
Microsoft have released #Recall so users can search computer history via screenshots. This has been compared to #Lifelogging - ex @DCU PhD student Zaher Hinbarji & ADAPT dep. dir. Cathal Gurrin have researched Lifelogging for #HC interactions since 2016 >> https://t.co/XRAzZpDaGD https://t.co/YFSIjD9UMX
Microsoft Research chief scientist has no issue with Windows Recall https://t.co/J8LBJZPoy1
Microsoft talked up the privacy aspect of its Recall feature by saying all the data is stored locally on your device. Sadly it didn’t pay as much attention to security as the data is stored in plaintext. So a hacker tool (TotalRecall) now exists to query the screenshots it takes https://t.co/YGBPzDf4Qx
I don't think Microsoft can pull back on Recall, given that it's the feature they sold tons of consumers on for preordering their Qualcomm-powered laptops. No question in my mind that this was a rush to market, but hardware likely set the delivery date. Go security!
Microsoft's enterprise customer briefings about Recall https://t.co/q7eqnHKRwN
Given Microsoft has pretty large security teams, and a newfound focus on security: How did Recall pass security review - if it even did? Details coming out make it seem like while building this cool-sounding AI feature, there was no emphasis on common-sense security and privacy. https://t.co/c4VQ84VjBR