Unencrypted Data Store Raises Concerns
- Researchers have discovered that the Windows Recall AI tool stores data in an unencrypted database.
- This data includes screenshots of every five seconds of activity, as well as text and images from messages, websites, and apps.
- An ethical hacker has released a tool that can automatically extract and display all the data Recall records, demonstrating the potential for abuse by malicious actors.
Potential Risks and Abuses
- Data Theft: Attackers could gain access to sensitive information such as passwords, financial account numbers, and personal conversations.
- Stalking: Abusers could use Recall to track victims' online and offline activities, including their locations and contacts.
- Corporate Espionage: In cases where employees use personal devices for work, Recall could be used to steal company data.
Microsoft's Response and Recommendations
| Action | Description |
|---|---|
| Disable Saving Screenshots | Turns off Recall functionality |
| Pause the System | Suspends Recall temporarily |
| Filter Applications | Limits screenshot capture to specific applications |
| Delete Gathered Data | Removes saved screenshots and other data |
Despite Microsoft's privacy claims, security experts recommend disabling Recall or using it with caution until the company addresses the security concerns. The Information Commissioner's Office in the UK has also requested more information from Microsoft on Recall's privacy implications. While Recall remains in preview mode, it is crucial for users to understand the potential risks and take appropriate measures to protect their data.
.png)
0 Comments