Yesterday, Microsoft CEO Satya Nadella sat down with the media to introduce a new feature called Recall, as part of their Copilot+ PCs. It takes screenshots of what you’re doing on constantly, by design:
https://medium.com/media/d4abba4451fecf39939e7aee53697784/href
The idea is it allows you to rewind back in time at the click of a button to see what you were doing at, say, 11pm two months ago. It also classifies almost everything you’re doing, seeing and typing. This is instantly searchable.
Microsoft’s store page for the PCs points out “It will not hide information such as passwords or financial account numbers [..]”
For example, if you log into online banking, your information around account numbers, balances, purchases etc will enter Recall’s database.
This fundamentally changes the relationship with you and your Microsoft Windows computer. It also introduces real risk to you, the customer. Let’s break down what is happening.
You may look at this and think ‘surely there’s some safety guardrails’, and there are — in the video above you’ll see Satya point out the processing and data storage is done locally on the device. In the FAQ they point out there’s some circumstances where data won’t be recorded, for example when password’s aren’t visible on screen.
That’s great. It’s also not nearly enough.
If you look at what has happened with historically with infostealer malware — malicious software snuck onto PCs — it has pivoted to automatically steal browser passwords stored locally. In other words, if a malicious threat actor gains access to a system, they already steal important databases stored locally.
They can just extend this to steal information recorded by Copilot’s Recall feature.
Microsoft themselves heavily talk about the risk of info stealers:
The scale of the problem is immense — stolen credentials run in the billions, and large portions come from infostealer trojans on Windows systems.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: