Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.
When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long.
Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.
Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. “It’s a Trojan 2.0 really, built in,” Hagenah says, adding that he built TotalRecall—which he’s releasing on GitHub—in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches.
It could be that anything you encrypt has to have its encryption key in some place inaccessible to these same hacker tools. If your computer uses Bitlocker, for instance, you need to enter a 6-digit code each time you turn it on.
Best guess, they had such a high expectation of “convenience” for this feature that they couldn’t justify any kind of security key. Which is still a dumb explanation, obviously.
I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.
It just accesses the data that stored in an unencrypted format on the computers hard drive.
If someone had remote access to your computer they could use this, but I imagine they could also use the official tool too.
Since the data is stored in an unencrypted fashion, a hacker who had remote access would be better served running some script that will just transfer all this data to their offsite server and could be accomplished pretty easily.
I guess what I want to really say is that calling it a “hacker tool” is misleading.
So the next step is: M$ encrypts their local database.
Later they want to upload it to their servers to further exploit your data. But then it is encrypted (and of course only M$ has the key), therefore the upload will be very hard to detect.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
HacKeR tOOl
deleted by creator
It could be that anything you encrypt has to have its encryption key in some place inaccessible to these same hacker tools. If your computer uses Bitlocker, for instance, you need to enter a 6-digit code each time you turn it on.
Best guess, they had such a high expectation of “convenience” for this feature that they couldn’t justify any kind of security key. Which is still a dumb explanation, obviously.
They encrypt the damn start menu and they cannot encrypt this?
deleted by creator
I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.
It just accesses the data that stored in an unencrypted format on the computers hard drive.
If someone had remote access to your computer they could use this, but I imagine they could also use the official tool too.
Since the data is stored in an unencrypted fashion, a hacker who had remote access would be better served running some script that will just transfer all this data to their offsite server and could be accomplished pretty easily.
I guess what I want to really say is that calling it a “hacker tool” is misleading.
So the next step is: M$ encrypts their local database.
Later they want to upload it to their servers to further exploit your data. But then it is encrypted (and of course only M$ has the key), therefore the upload will be very hard to detect.
Hmpf.
Cool, now do remotely.
Done https://cyberplace.social/@GossiTheDog/112555262732490331
And since it lives in user space without needing nt/system, it should be as stealable over remote as any other file