When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long.
Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.
Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. “It’s a Trojan 2.0 really, built in,” Hagenah says, adding that he built TotalRecall—which he’s releasing on GitHub—in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches.
I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.
It just accesses the data that stored in an unencrypted format on the computers hard drive.
If someone had remote access to your computer they could use this, but I imagine they could also use the official tool too.
Since the data is stored in an unencrypted fashion, a hacker who had remote access would be better served running some script that will just transfer all this data to their offsite server and could be accomplished pretty easily.
I guess what I want to really say is that calling it a “hacker tool” is misleading.
Nmap is a “hacker tool” and all it does is ask computers what ports they have open, something they are set to advertise to the world.
This is a “hacker tool” in the sense that it is accessing data in an unintended way, in the same contect as nmap using protocols intended to communicate for a set purpose to built a list of possible attack vectors.
I wouldn’t really call it a hacker tool any more than you would call a hammer a thieves tool.
IANAL, but I’m pretty sure a hammer is a thieves tool if used in the commission of a burglary.
Those devices used by employees to remove security locks from CDs/DVDs aren’t “thieves tools” when used as intended, but when my dumb ass got caught with one while stealing from Blockbuster, the judge considered it one.
Right but if I use a hammer to prove the lock I just bought is useless at protecting my shed, I’m not committing theft. This was a few lines of Python to look at data that is explicitly stored for the user to look at later.
IANAL
🤤
You do have a point, but it does highlight why Microsoft’s framing is bad.
Microsoft is basing their approach to this on the concept that your MS account-secured local machine is itself secure, so whatever is in it is fine, because hey, your confidential work info is probably also in your hard drive and unencrypted, so if a bad actor can steal the pictures of it, then it can also steal the original document.
Which mostly is true, to be clear, but it fundamentally misunderstands how much juicier and easier of a target is a reliable, searchable database that logs all activity stored in a consistent location, as opposed to potentially having to extract everything up front. Plus, even if there are few guardrails to all data inside your system, there are some, as this will likely include info you may keep hidden, password-protected or encrypted both locally and remotely. There’s a reason my password manager asks for my credentials manually once every time I use it.
Now where did I leave my PowerGlove…
Hacker tool. What a weird name for a software that shows you readily accessible data to the user.
Who is this 4chan guy anyway?
Like you don’t know it’s the hacker in the white mask who created bitcoin.
That was my thought when I read the title too.
I’m hoping MS pushes this “feature”; between this and the vulnerability Tenable published a few days ago, maybe some people will actually consider moving away from MS.
It barely matters if the database is encrypted or not. If the user has access to it, they have the keys to it, and so would anybody else with access.
The real danger is that intruders will have access to your entire history from before they had access to your machine, and it’s all in one place.
With easily searchable text, search for “bank” and get all accounts login. Yay no need to wait for the hacked user to get on his banking site he’s been there before. Quick in and out without being noticed and you got all you need to empty his account. Thanks Microsoft I knew you where so helpful to hackers while making my life shittier all the while.
Every banking site I’ve been on jumps through all sorts of hoops to make sure the browser doesn’t save the password, usually with some 2FA thrown into the mix.
But I’d imagine that a lot of older people have a helpful passwords.txt file sat smack bang in the middle of their desktop, or just use the same one for everything. I mean, we’re in an age where you need a username and password to update your graphics drivers for some godforsaken reason. It’s not going to be hard to find that The One True Password with access to this.
The best part of this ‘hacking tool’ is that it’s 5 lines of Python and the rest is just fluff lol
It’s just looking in a sqlite file and listing the jpeg directory. The only extra step is running
icacls
to let the user read the files.
HacKeR tOOl
don’t worry they’ll cancel the whole project the instant some idiot crooked corporate executive asshole gets his incriminating data stolen and used for blackmail
I saw someone on mastodon say something like, “don’t tell your IT department not to use recall to protect employee or customer data. Tell your legal department that all your recall data can be subpoenaed for discovery.”
Why on earth aren’t they encrypting the database? It could have adressed much of the criticism but they just decided to leave the whole thing completely unprotected.
They encrypt the damn start menu and they cannot encrypt this?
They do?
Likely because there was too much CPU overhead decrypting and having the LLM query the Recall image database all dynamically
In the grand scheme of things, the LLM is the bottleneck, not the decryption.
I dunno, they could’ve kept some of it in-memory, it’s just a bunch of plaintext.
It requires full disk encryption doesn’t it? If someone already has access to your account then they can access this data the same way you can. The new issue here is that this silos a load of private data in one easy to grab location. Users would have to set up the filters perfectly to prevent recall capturing anything more sensitive than what’s already accessible to their account. This is in a world where many users are probably storing their passwords in a Word document on the desktop.
It could be that anything you encrypt has to have its encryption key in some place inaccessible to these same hacker tools. If your computer uses Bitlocker, for instance, you need to enter a 6-digit code each time you turn it on.
Best guess, they had such a high expectation of “convenience” for this feature that they couldn’t justify any kind of security key. Which is still a dumb explanation, obviously.
Skype used to store all history unencrypted for years after MS bought it, this seems to be a tradition of not caring enough
not caring
enough
So the next step is: M$ encrypts their local database.
Later they want to upload it to their servers to further exploit your data. But then it is encrypted (and of course only M$ has the key), therefore the upload will be very hard to detect.
Hmpf.
So… how does the user actually ®ecall™ anything? Do they have to ask M$ Co-pilot™ AI to get it from The Azu®e™ Cloud? Because I’m pretty sure a hacker could do that just as easily.
Cool, now do remotely.
Done https://cyberplace.social/@GossiTheDog/112555262732490331
And since it lives in user space without needing nt/system, it should be as stealable over remote as any other file