Copilot’s screen-snapping feature allows users to recall data stored in plain text

Published:

Safety Implications of Microsoft’s Recall Feature: Researchers Warn of Cybersecurity Setback

In a shocking revelation, cybersecurity researchers have raised serious concerns about Microsoft’s Recall feature, claiming that it poses a significant threat to user privacy and cybersecurity. The Recall feature, which captures screenshots of everything users do on their devices, has been criticized for storing this sensitive information on an SQLite database that can be easily accessed by anyone with administrator-level privileges.

Kevin Beaumont, a renowned cybersecurity researcher, has highlighted the potential risks associated with Recall, stating that attackers could easily exfiltrate the data stored in the database. Despite Microsoft’s assurances that remote access to the screenshots is not possible, Beaumont has demonstrated how attackers could exploit this feature to steal sensitive information from users.

Furthermore, Beaumont tested Recall with popular messaging apps like WhatsApp, Signal, and Teams, revealing that the feature captures conversations, including disappearing messages and deleted content. This raises serious concerns about user privacy and the security of sensitive communications.

Microsoft introduced Recall as part of its new AI-driven personal computers, Copilot+, with CEO Satya Nadella likening the feature to the device’s “photographic memory.” However, cybersecurity experts warn that Recall could potentially set cybersecurity back by a decade and empower cybercriminals to exploit users’ data for malicious purposes.

As the debate around Microsoft’s Recall feature continues to escalate, users are urged to exercise caution and be vigilant about their online activities to protect their privacy and security in an increasingly digital world.

Related articles

Recent articles