Microsoft's recently introduced Recall feature, designed to help users find things they've seen on their PC, has raised eyebrows among security researchers. Recall takes screenshots at regular intervals, storing the data locally. While Microsoft aimed to address privacy concerns with local storage, experts warn of potential risks.
The collected data could include sensitive information like passwords and financial details, raising concerns about its misuse. Additionally, the feature's intrusiveness has been criticized.
Microsoft initially claimed attackers would need physical access and valid credentials to steal Recall data. However, recent research suggests otherwise. Studies have shown how malware could exploit vulnerabilities to access the unencrypted local database where Recall information resides.
Open-source tool shave even been developed to demonstrate how easily data can be extracted from the database. Security professionals urge Microsoft to prioritize security improvements before the official release of Recall.
Independent research has also highlighted the potential for modified malware to steal compressed Recall data efficiently. Tests have shown malware exfiltrating data before standard security software could detect it.
As Recall is currently in preview, Microsoft can address these security concerns before a wider release.
Asa your Digital Trust Experts, we will be back with more updates as it unfolds !