During the Copilot+ debut, Microsoft and global OEMs recently announced PCs powered by Qualcomm’s Snapdragon X Elite and Snapdragon X Plus, the only devices capable of delivering the Copilot+ experiences. As a part of Copilot+ PC features, Microsoft introduced “Recall”.
Despite Microsoft’s promises of a secure and encrypted Recall experience, a cybersecurity expert has raised concerns, reports The Verge.
Also read: Game changer: Qualcomm powered enhanced Microsoft CoPilot+ AI PCs are here!
For those who are unaware, Recall is designed to take screenshots of everything you do on your computer and store them on your device for easy search. However, these screenshots might not be as secure as advertised.
Also read: Microsoft’s new Recall feature lets you easily find & remember what you’ve seen on your PC
Researcher Kevin Beaumont discovered the data is stored in a format that could be accessed by malicious programs, potentially exposing your entire digital life to hackers.
“Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder,” Beaumont explained. “This database file has a record of everything you’ve ever viewed on your PC in plain text.”
On X, Beaumont criticised Microsoft for asserting that the Recall feature’s activity data could not be remotely extracted by hackers. He highlighted that the database, which is stored on a local PC and typically requires admin access, can be accessible from the AppData folder even without admin privileges.
The concern raised is that Recall could potentially simplify the process for malicious software and cyber attackers to steal information. Given that InfoStealer trojans are designed to filch credentials and sensitive data from computers, and such malware is actively being disseminated by cybercriminals, Beaumont warned that Recall could allow these threat actors to swiftly automate the extraction of all the data a user has interacted with.
