When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long.

Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says.⁩ Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. “It’s a Trojan 2.0 really, built in,” Hagenah says, adding that he built TotalRecall—which he’s releasing on GitHub—in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches.

2 points

Here is an alternative Piped link(s):

“magical” things

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source; check me out at GitHub.

permalink
report
reply
63 points

I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.

It just accesses the data that stored in an unencrypted format on the computers hard drive.

If someone had remote access to your computer they could use this, but I imagine they could also use the official tool too.

Since the data is stored in an unencrypted fashion, a hacker who had remote access would be better served running some script that will just transfer all this data to their offsite server and could be accomplished pretty easily.

I guess what I want to really say is that calling it a “hacker tool” is misleading.

permalink
report
reply
28 points
*

Nmap is a “hacker tool” and all it does is ask computers what ports they have open, something they are set to advertise to the world.

This is a “hacker tool” in the sense that it is accessing data in an unintended way, in the same contect as nmap using protocols intended to communicate for a set purpose to built a list of possible attack vectors.

permalink
report
parent
reply
8 points

So when I walk past some bicycles parked outside of a store, and simply use my eyes to determine if they have locks, I’m essentially a hacker.

permalink
report
parent
reply
20 points

no, your eyes are hacker tools

permalink
report
parent
reply
12 points

There’s a word for that, it’s called “casing.”

Obviously not “hacking,” unless they’re locked up by a computer or some shit.

A hacker using software like that to test vulnerabilities seems similar to me in some ways.

permalink
report
parent
reply
5 points

A thief to be

Looking for opportunity

permalink
report
parent
reply
7 points

You do have a point, but it does highlight why Microsoft’s framing is bad.

Microsoft is basing their approach to this on the concept that your MS account-secured local machine is itself secure, so whatever is in it is fine, because hey, your confidential work info is probably also in your hard drive and unencrypted, so if a bad actor can steal the pictures of it, then it can also steal the original document.

Which mostly is true, to be clear, but it fundamentally misunderstands how much juicier and easier of a target is a reliable, searchable database that logs all activity stored in a consistent location, as opposed to potentially having to extract everything up front. Plus, even if there are few guardrails to all data inside your system, there are some, as this will likely include info you may keep hidden, password-protected or encrypted both locally and remotely. There’s a reason my password manager asks for my credentials manually once every time I use it.

permalink
report
parent
reply
10 points
*

I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.

IANAL, but I’m pretty sure a hammer is a thieves tool if used in the commission of a burglary.

Those devices used by employees to remove security locks from CDs/DVDs aren’t “thieves tools” when used as intended, but when my dumb ass got caught with one while stealing from Blockbuster, the judge considered it one.

permalink
report
parent
reply
3 points

Right but if I use a hammer to prove the lock I just bought is useless at protecting my shed, I’m not committing theft. This was a few lines of Python to look at data that is explicitly stored for the user to look at later.

permalink
report
parent
reply
1 point

IANAL

🤤

permalink
report
parent
reply
108 points

They store it unencrypted in 2024? This should be illegal. Now every fucking Program you run can basically know everything you ever did since every shit is spyware nowadays to get that sweet data collection going

permalink
report
reply
48 points

Even if they encrypt it, the computer needs access to the data thus needs the decryption key. So it’s not very secure anyway.

permalink
report
parent
reply
5 points
*

Well yeah, but they should atleast store the key outside of userspace

permalink
report
parent
reply
15 points

The key is stored in $APPDATA\WelcomeMat

permalink
report
parent
reply
21 points

I guess the solution would involve keys on the TPM so that they shouldn’t need to be sat on attached storage or in memory. Although I’m not sure I’d trust all TPM implementations to have the performance necessary for the extra load (I believe bitlocker keys get cached in memory once you have unlocked the drive, for example)

permalink
report
parent
reply
41 points

Even if it were encrypted, if access to it doesn’t involve explicit confirmation and a password then it can be automated.

And if it can be automated then malware that gets on the machine will be able to access it whether it’s encrypted or not.

But let’s be real, the whole reason Microsoft is doing this is so they can parse your data for AI. And storing it unencrypted makes it easier for them.

Also “the data won’t leave your machine” is a red herring. Yeah the data won’t; but the results of AI processing will. They’ll take what they need and transfer that out, and leave you holding the bag.

permalink
report
parent
reply
2 points

I would be happy to provide my energy to microsoft’s openai /s

permalink
report
parent
reply
7 points

They will have your computer calculating hyperspecific queries for ads.

permalink
report
parent
reply
26 points

HacKeR tOOl

permalink
report
reply
19 points

permalink
report
parent
reply
44 points

Now where did I leave my PowerGlove…

permalink
report
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 554K

    Comments