Microsoft’s new AI-powered computer history saving feature, Recall, has caused quite a stir among cybersecurity experts. The feature, which takes constant screenshots of a user’s computer activity and creates a searchable database, has been criticized for its lack of security. Kevin Beaumont, a former Microsoft employee and cybersecurity expert, described Recall as a “disaster” and highlighted several flaws that make sensitive information openly available to bad actors.
One of the main concerns raised by experts is that Recall is enabled by default, meaning that users are automatically opted into having their entire computer history saved. This includes passwords and other sensitive data. Additionally, Recall does not exempt deleted data from its history database. Emails, messages from apps like WhatsApp, and even auto-deleting content like Signal messages are all saved by Recall, even if they have been deleted by the user.
Furthermore, Beaumont discovered that Recall’s database is organized by application, making it easy for hackers to locate and steal sensitive data in one central location. Contrary to Microsoft’s claims, Recall’s history is not encrypted. Once a user logs into their computer, the encrypted data becomes decrypted and accessible. This means that if a hacker gains remote access to a user’s device, they can easily access the Recall history without needing administrative privileges.
The flaws in Recall’s security have raised serious concerns among experts and prompted an investigation by the UK’s Information Commissioner’s Office (ICO). The feature’s default settings and the inclusion of sensitive data in its history database make it a potential goldmine for hackers. Microsoft’s inaccurate claims about Recall’s encryption further highlight the company’s negligence in prioritizing user security.
In conclusion, Microsoft’s Recall feature has been met with widespread criticism from cybersecurity experts. Its lack of security measures and inclusion of sensitive data in its history database make it a significant threat to users’ privacy. The investigation by the ICO underscores the seriousness of the issue, and it remains to be seen whether Microsoft will address the concerns raised and improve the security of Recall.