Just a few days ago, Microsoft not only introduced its new Copilot+ PCs, but also a new feature called Recall for Windows. However, data protection experts see this as an absolute security risk.
The new Recall feature is designed to enable Windows users to find content from the past more quickly. To do this, the program takes a screenshot of the user interface every five seconds if something on the screen has changed in the meantime.
But this is precisely where the problem lies that security and data protection experts criticize: they see it as an enormous attack surface for info stealers in the event of a malware infection.
How unsafe is Recall for Windows?
Recall is designed to help Windows users access content they have already edited more quickly. “Just describe how you remember the content and Recall will recall the moment you saw it,” Microsoft's website says.
Users can make these descriptions “using natural language.” If a screenshot is opened from the search results, the Screenray feature comes into play. This analyzes the content of the image, which users can then interact with. According to Microsoft, text can be copied out or images can be sent, for example.
Recall stores the recorded content locally and in encrypted form on the respective PC. Nevertheless, security experts are sounding the alarm. The new system is a “security nightmare that will undoubtedly lead to more fraud for consumers and other problems for companies,” complains security researcher Kevin Beaumont in a blog post.
Malware infection could steal data
According to Microsoft, users can limit the content recorded and, for example, exclude certain websites or apps from Recall. However, if they do not do this, Recall on the Windows PC will also record information about account numbers, account balances or purchases during online banking.
According to Beaumont, this poses a “real risk” for consumers. Because “if malware runs on your PC for just a few minutes, you now have a big problem and not just a few password changes,” explains the security expert.
Recall doesn't shy away from passwords or account numbers. However, the feature excludes content that is protected by Digital Rights Management from its screenshots. This includes e-books, for example, which are subject to copy protection as a digital medium.
Another critic sees this as intentional on Microsoft's part. The company is apparently very aware of the problem: “The fact that Microsoft's new recall system does not capture DRM content means that the engineers fully understand the risk of logging all content. They have just consciously decided to put the interests of companies and money ahead of people.”
Beaumont advises consumers and companies not to use the new feature until Microsoft has fundamentally revised it. The content recorded by Recall is a godsend for infostealers, especially in the case of malware infections. They are after locally stored information. According to Beaumont, a large proportion of stolen access data circulating on the Internet already comes from infostealers.
Source: https://www.basicthinking.de/blog/2024/05/27/recall-windows/