One expert asserts that this AI option is a disaster for cybersecurity

  • The feature stores everything it collects in a plain text database

  • This information can be extracted even by users who are not administrators on the computer

Microsoft will make Windows 11 remember and record everything you do with your PC. That will be the goal of Recall, an AI feature that on paper sounds as promising as it is worrying.

Introducing Copilot+ PCs with new AI chips – first with Snapdragon The above recall has raised concerns.

The fact is that this constant collection of data has raised concerns about users' already tenuous privacy. They at Microsoft have confirmed that they are taking all kinds of measures to protect said privacy, but the letter does not seem to have gained traction.

In fact, a cybersecurity expert named Kevin Beaumont It has been analyzed Possible vulnerabilities that Recall may have, and discovered some potential flaws that could put our data at risk.

Based on its analysis, Recall stores your data In a plain text SQLite databasemaking it easy for an attacker to use some type of malware to extract that data from the database and steal it.

The screenshots taken by Recall go through an optical character recognition (OCR) program that runs locally, and the result is stored, shall we say, in that database. Although Microsoft emphasized in its announcement that a hacker cannot steal that data, it can be accessed from the AppData folder if you have an administrator account on that computer. Beaumont Confirms That even users who are not administrators can access it.

See also  WhatsApp trick to find an old message that you thought was missing

To illustrate the danger, Beaumont used Recall and then uploaded the resulting database to a website so anyone could search it however they wanted. “Microsoft is intentionally setting cybersecurity back a decade and putting customers at risk by giving more power to low-level criminals.” Confirms The expert.

There is other worrying data. Tom Warren, editor at The Verge, Standing out From the Windows 11 call function It is enabled by default On Copilot+ computers when we turn them on for the first time and complete the Windows 11 installation.

He explains that there is an option called “Open settings when I finish configuring so I can manage my recall preferences,” but what would be desirable would be just the opposite: for the option to be disabled by default, and for users to activate it if they want to use it.

At Microsoft they confirmed that the information is encrypted on our devices and we did not leave it behind. Although there is no interaction with Microsoft servers to provide this option, Encryption is not completely efficient. Not when, Beaumont says, that kind of encryption “only helps if someone comes into your house and actually steals your laptop, but that's not what cybercriminals do.”

This option has not yet been officially released on our computers, but it will be soon, and in fact it has been discovered that it can be used not only on computers with new AI chips, but also on other existing computers. Therefore, it will be necessary to see if Microsoft will correct these shortcomings and avoid potential cybersecurity risks.

See also  WhatsApp has announced changes to backups, which will now be limited to Google Drive

In Chataka | Copilot+ arrives in an arsenal of new laptops: Acer, ASUS, Dell, HP, Lenovo and Samsung sign up for the latest from Qualcomm and Microsoft

Lovell Loxley

"Alcohol buff. Troublemaker. Introvert. Student. Social media lover. Web ninja. Bacon fan. Reader."

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top