• Ephera@lemmy.ml · score 10 · 3 months ago (edited)

      Man, during my apprenticeship, I spent a month in the offensive security department, meaning white-hat hackers. My most memorable experience there was us scrolling through a Wireshark log of a server (which a user had conveniently placed into a web-hosted folder, so that our automated scanners could pick up on it).

      Then we found an unencrypted FTP connection in there, which meant the password got logged in plain text and then we tried the same password for SSH. In roundabout 10 minutes, we had root access. On a real-world system.

      And yeah, watching the guy in the video scroll through those Recall logs, that felt eerily similar. Like you just need the right Ctrl+F, the right screenshot or any clue that they’re using some insecure technology to exploit. If you can extract those logs, it’s likely just a matter of time until you find something.
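The story above hinges on one detail: an FTP session without TLS puts the password on the wire, so anyone holding the capture can read it. As an added example (not code from the thread or from anyone in it), here is a small Python check a defender can run over an exported FTP control-channel log to flag sessions that sent credentials before negotiating TLS. The line format, hosts, user names and secrets are all constructed for this example; the point is to surface the exposure (with the password masked in the report) so the credential can be rotated everywhere it might have been reused, such as SSH.

```python
"""Flag FTP sessions that transmitted credentials in cleartext.

Constructed example: a simplified text export of FTP control-channel
commands, one per line, in the assumed form
    <time> <client> -> <server>:<port> <COMMAND> [argument]
This is not a real capture format; it stands in for whatever your
capture tool exports.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample export; hosts, names and secrets are made up.
SAMPLE_EXPORT = """\
10:00:01 10.0.0.5 -> 10.0.0.20:21 USER backup
10:00:02 10.0.0.5 -> 10.0.0.20:21 PASS Hunter2!
10:00:03 10.0.0.5 -> 10.0.0.20:21 LIST
10:05:10 10.0.0.7 -> 10.0.0.20:21 AUTH TLS
10:05:11 10.0.0.7 -> 10.0.0.20:21 USER deploy
10:05:12 10.0.0.7 -> 10.0.0.20:21 PASS s3cret
10:09:00 10.0.0.9 -> 10.0.0.20:21 USER anonymous
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<client>\S+)\s+->\s+(?P<server>\S+):(?P<port>\d+)\s+"
    r"(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)


@dataclass
class Session:
    """Per client/server pair: has TLS been negotiated, and which user logged in?"""
    client: str
    server: str
    tls: bool = False
    user: Optional[str] = None


def redact(secret: str) -> str:
    """Mask a secret for reporting; length is kept so reviewers see it was non-empty."""
    return "*" * len(secret)


def find_cleartext_ftp_logins(export: str) -> List[dict]:
    """Return one finding per PASS command sent on a session with no prior AUTH TLS/SSL.

    Only port 21 (FTP control channel) lines are considered. After AUTH TLS the
    USER/PASS exchange is encrypted on the wire, so those sessions are not flagged.
    """
    sessions: Dict[Tuple[str, str], Session] = {}
    findings: List[dict] = []
    for raw in export.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["port"] != "21":
            continue
        key = (m["client"], m["server"])
        s = sessions.setdefault(key, Session(m["client"], m["server"]))
        cmd, arg = m["cmd"].upper(), (m["arg"] or "")
        if cmd == "AUTH" and arg.upper() in ("TLS", "SSL"):
            s.tls = True  # explicit FTPS upgrade: later credentials are encrypted
        elif cmd == "USER":
            s.user = arg
        elif cmd == "PASS" and not s.tls:
            findings.append({
                "time": m["time"],
                "client": s.client,
                "server": s.server,
                "user": s.user,
                "password": redact(arg),  # never echo the secret into a report
                "action": "rotate this credential on every service where it may be reused",
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_ftp_logins(SAMPLE_EXPORT):
        print(f)
```

On the constructed sample this reports a single finding, the `backup` user on the 10.0.0.5 session; the `deploy` login is not flagged because it followed `AUTH TLS`, and the `anonymous` session never sent a password at all. Running something like this over captures found in unexpected places (a web-hosted folder, as in the story) tells you which credentials to treat as burned.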

  • Moonrise2473@feddit.it · score 31 · 3 months ago

    AI taking more jobs.

    Now you just need to execute a single PowerShell line to upload the whole history to the attacker, no need to hire skilled hackers to code custom malware or infostealers.

    What are those malware devs going to do now that AI replaced them?

  • Hirom@beehaw.org · score 19 · 3 months ago (edited)

    Not surprising. If there’s a way for a non-admin user to use this, it means there’s probably a way for a non-admin process to access the data.

    Even if it were more secure, there’s probably plenty of ways for attackers to escalate privileges to admin.

    The bigger issue is Microsoft providing an official tool for snooping on user activity. Malware won’t have to install their own, and recall taking screenshots periodically won’t be considered anomalous behaviour since it’s an official Microsoft service.

    • BurningRiver@beehaw.org · score 7 · 3 months ago

      “recall taking screenshots periodically”

      Seriously, you didn’t get through the first paragraph?

      “the notion of a tool that silently takes a screenshot of your desktop every five seconds”

      Saying “periodically” is a pretty trivial way of putting it.

      Microsoft and Adobe fighting each other over who gets enshittification of the decade award. Sam Altman is probably crafting a victory speech about what chatGPT 12 might possibly be able to do, someday. The sooner all this snake oil hype crashes and burns, the better off we’ll all be.

    • psud@aussie.zone · score 6 · 3 months ago

      The article describes a tool that grabs the data without admin privileges, but yes, there are methods used by current malware to escalate privileges.

  • Pekka@feddit.nl · score 3 · 3 months ago

    Although this feature sounds helpful, it really looks like they went too far with this. They should probably look for a way to sell these Copilot+ PCs in another way if they can’t get this secure enough, and probably keep it disabled for companies…

    I’m surprised they didn’t make sure that the part that should help you hide sensitive information worked well before letting the first testers get their hands on the feature. All this bad news about the future doesn’t help convince people to turn it on.

    • jarfil@beehaw.org · score 1 · 3 months ago

      How were they supposed to test any of it, without releasing it to testers? Recall is an “Insider Preview” feature, it’s nowhere close to a final feature.