June 5, 2024 at 09:30AM
Microsoft’s Recall feature, enabled by default on new Copilot+ PCs, captures user activity through regular screenshots stored locally. However, cybersecurity researchers have raised concerns over potential data theft, with demonstrations showing information-stealing malware could access sensitive data. They also highlighted the feature’s security vulnerabilities, prompting Microsoft to address the issues before the official release.
Key takeaways from the meeting notes:
– Several cybersecurity researchers have identified potential privacy and security concerns with Microsoft’s Recall feature, which captures and stores users’ activities through screenshots at regular intervals on new Copilot+ PCs.
– Concerns were raised about the feature’s potential intrusion and the possibility of sensitive data, such as passwords and financial information, being exposed through the collected screenshots.
– Researchers have demonstrated the ability of information-stealing malware to easily access data collected by Recall, highlighting the security vulnerabilities associated with the feature.
– Expert opinions have emphasized the need for Microsoft to address these security issues before the official release of the feature.
– Microsoft has been warned about the potential exploitation of Recall by threat actors, as well as the efficiency of data compression and the ability of infostealer malware to exfiltrate Recall data.
– Recall is currently in preview, allowing Microsoft the opportunity to make necessary changes before its general availability.
– SecurityWeek has reached out to Microsoft for comment, indicating a potential update to the article pending a response from the tech giant.