Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy AI Windows

Hacker Tool Extracts All the Data Collected By Windows' New Recall AI 145

An anonymous reader quotes a report from Wired: When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the"magical" things about it was that the data doesn't leave your laptop; theWindows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long. Two weeks ahead ofRecall's launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall -- yes, after the 1990 sci-fi film -- the tool can pull all the information that Recall saves into its main database on a Windows laptop. "The database is unencrypted. It's all plain text," Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. "It's a Trojan 2.0 really, built in," Hagenah says, adding that he built TotalRecall -- which he's releasing on GitHub -- in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches. [...] TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft's new Copilot+ PCs aren't out yet, it's possible to use Recall by emulating a version of the devices. "It does everything automatically," he says. The system can set a date range for extracting the data -- for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah says.

Included in what the database captures are screenshots of whatever is on your desktop -- a potential gold mine for criminal hackers or domestic abusers who may physically access their victim's device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database. Hagenah says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that's captured by Recall. Hagenah's work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it.
This discussion has been archived. No new comments can be posted.

Hacker Tool Extracts All the Data Collected By Windows' New Recall AI

Comments Filter:
  • by AnOnyxMouseCoward ( 3693517 ) on Wednesday June 05, 2024 @08:11AM (#64524481)
    I'm on the fence about getting a new computer at home (mostly for gaming, let's be real - even a 10 yr-old computer works fine for office stuff), and Win11 is the main reason I'm not biting the bullet. Every feature I read about makes me wonder "how can I disable this" and "will I really be able to disable it, or will it come back every forced update". I just want a version of Win10 (or heck, win7) with endless security updates. *shakes fist at sky*
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Wednesday June 05, 2024 @08:14AM (#64524493)
      Comment removed based on user account deletion
      • You can get a new computer and not run windows on it ;)

        Doesn't that mean not running (most) games on it, which is the OP's intentions?

        • by xack ( 5304745 )
          Games that aren't part of the anti-cheat protection racket are there.
        • At this point, it seems ~66% of newer games work, but older stuff is iffy. Vulkan seems like a more stable target than Direct3D even on Windows these days.

        • by BadDreamer ( 196188 ) on Wednesday June 05, 2024 @10:30AM (#64524925) Homepage

          On Steam, using Proton, most older games work great. Even many which have issues on newer versions of Windows. Newer games is a bit more hit or miss, but a huge chunk of them will work great. Even heavier AAA titles.

          Since the Steam Deck came out, compatibility has increased immensely. I find very few games which have issues. The exception is games with heavy anti-cheat engines. Those tend to be a mess. And some DRM systems are just awful and won't work.

        • I guess it must depend on the games. I ran Baldur's Gate 3 via steam on Linux once it went retail. Runs spectacular on my machine and I spent under $1k on my box this past August. Haven't tried a lot of other brand new games, but mostly that's because they do not interest me all that much.

      • by martin-boundary ( 547041 ) on Wednesday June 05, 2024 @09:49AM (#64524797)
        Duh! How's he gonna get accees to endless Windows security updates in Linux, hmm? :-)
        • Keep your Windows in a VM on Linux, then deny it access to the internet. Then keep denying it access until Windows starts to cry and apologizes for it's naughty behavior in the past.

      • And condemn yourself to triple the work to get a game running decently or more likely, not at all?
        Seems practical.

    • One man's bloat is another's critical feature. The Recall fiasco aside I've seen people bitch and moan about every Windows feature, e.g. snipping tool, e.g. screen layout memorisation, which are all things that were easily dismissed, but ultimately ended up being great improvements to usability.

      No we absolutely should not stop improving software. It's all very far from perfect, both for power users as well as newbies. What we should do is call out the bullshit - precisely as we are doing now.

      • Re: (Score:3, Interesting)

        Comment removed based on user account deletion
      • That goes for "improvements," yes. Seems you think any old insanity is an improvement, yet your technical skill seems severely lacking.

      • The snipping tool is decent, but very limited. But what it did was kill off the market for excellent snipping tools which used to be available. In the end, this was a huge loss of usability for those who really need a good snipping tool.

        This is the norm for Microsoft. Push out other choices and leave a mediocre solution in place. The lowest common denominator ends up being the only choice. And in the end the cost for the end user is higher than it needs to be due to killed off competition.

        In this case, ther

        • by AvitarX ( 172628 )

          I'm curious what features are missing from greenshot.

          This isn't rhetorical, I am honestly curious as to what I'm missing since I have a failure of imagination of how it could be improved.

      • Snipping tool is quite good in windows 10. In 11 it sucks. Shock Amazement.

      • Jesus Christ, That is complete Garbzage as usual. Do you work for Microsoft?

        Yeah, I'm calling bullshit alright, on you, for constantly apologizing for Microsoft taking things away while pretending its "for your protection".

        Nobody wanted anything other than XP.
        Windows 7 was just a better XP.
        Microsoft has made ZERO improvments to usability, since then, or maybe ever. We absolutely DO NOT need "upgrades". So called "upgrades" are for Microsoft, NOT YOU.

        Wait. Let me get the popcorn before you shoot another load
    • If it's just a game machine then it doesn't matter that they're storing all your activity on a government server.

      Just don't use it for ANYTHING else and put it in its own isolated vlan.

      If they really want copies of your saved games and your library list at steam, do you really care?

      I haven't used windows for years. My PC has windows 7 and has been powered off since about 2016. If I ever build another windows box it will be for gaming, and maybe I'll hook it up to my big screen tv and that's it. No random

      • by gweihir ( 88907 )

        If it's just a game machine then it doesn't matter that they're storing all your activity on a government server.

        Just don't use it for ANYTHING else and put it in its own isolated vlan.

        I am in the process of doing that. Separate machine with no email and only gaming web-browsing is already there. Separate network segment is already there (not just a vlan), from when I connect work laptops to my own network. Isolation is not perfect yet and I will need to isolate a Win11 VM as well for when I have to use Office. But the plans are clear. MS is too clearly an enemy and a threat to its users for anything else to be viable.

    • I'm on the fence about getting a new computer at home (mostly for gaming, let's be real - even a 10 yr-old computer works fine for office stuff), and Win11 is the main reason I'm not biting the bullet. Every feature I read about makes me wonder "how can I disable this" and "will I really be able to disable it, or will it come back every forced update". I just want a version of Win10 (or heck, win7) with endless security updates. *shakes fist at sky*

      Now imagine how you'd feel if you need the system to just be stable and available for near real-time processing. My recording system is the last Windows system in the house. And it's getting more and more difficult to disable all the "special features" that seem to have nothing to do with running the system and everything to do with hoovering up data. A screenshot every five seconds has to have some burden on the system, and I'd rather have that IO and processing available for my DAW when it already runs ne

    • by dddux ( 3656447 ) on Wednesday June 05, 2024 @09:26AM (#64524723)

      Have you tried some of the "lite" Windows variants like Ghost Spectre or PhoenixOS? I've been running Phoenix OS Win10 as a 2nd OS on my laptop for years with no problems, mainly for music programs and plugins. Windows is actually somewhat likeable this way. I can bet games run better than on stock Windows, too, without having to deal with 512 different services and background processes.

    • A "tool that can answer questions about your web browsing and laptop use." I wonder what use this even has. If I want to know about my laptop use, I will just ask myself. For web browsing, I can look at the history. Capturing screenshots to help with web browsing questions just seems utterly idiotic; just capture the history.

      Microsoft, ever several years behind the pack but who think it is in the lead, seems desparate to adopt every possible new technology someone else comes up with and then standardizi

    • Don't worry, I read they are reopening a beta test phase for Windows 10 so they can get Recall going on that platform as well. Your welcome! https://www.theverge.com/2024/... [theverge.com]

  • I'm surprised by how many security promises were broken even before launch.
    New lows for Microsoft every day. Remember that little period of when Microsoft was okayish most of the time.

  • It's clear that no one at Microsoft is an Arnold fan or they would have never called this feature "Recall". The jokes just write themselves.
  • What's the point? (Score:5, Interesting)

    by stealth_finger ( 1809752 ) on Wednesday June 05, 2024 @08:15AM (#64524495)
    What's the point of this recall thing? Why would you want to ask questions about your laptop or web browsing use? Or is it them that's asking and just using everyone they can to train "ai" while mumbling something about usability if questioned?
  • We don't need AI. (Score:5, Insightful)

    by xack ( 5304745 ) on Wednesday June 05, 2024 @08:16AM (#64524497)
    Human supremacy will return after Nvidia's stock bubble bursts and people get fed up with hallucinations. Microsoft using AI as an excuse to put CCTV into the OS will only come to bite them. 2024 is only 40 years out from 1984.
    • by gweihir ( 88907 )

      After having used ChatGPT for a few days, I find it verbose, insightless and (probably intentionally) making it hard to check its sources. Not very useful.

      • You've finally actually tried it, huh? Good for you.

        Through the lines I'm reading that your idea of it and LLMs in general is slowly changing in the direction of reality. You'll get there eventually.

        • by gweihir ( 88907 )

          I tried it before in a limited context. Nothing I found now is different from my expectations. Which I have stated here on this site. I think you are talking out of your behind.

    • We do need AI - or rather what it should be called given its current state - machine learning. ML is an incredibly powerful way to analyze data. ChatGPT might be a bit of a gimick looking for a useful application but the fundamental technology underlying it - machine learning - is insanely useful in a huge variety of fields. It's not "AI" because it can only do what it is trained to do but that training can get it to do far more than a human trying to write an algorithm to do the task.

      We've been using ML
  • Now where is that tool who swore up and down I was just spreading "FUD FUD FUD?" Yet couldn't say one specific thing?

    The guy who believed the Microsoft press releases hook, line, and sinker, which claimed the data would be securely stored?

    Instead, "Two weeks ahead ofRecall's launch on new Copilot+ PCs on June 18" it's stored in an unencrypted MySQL database anyone could read, in plain text. All you need is file system access. Hell, you can get that without hacking the PC, just steal the danged thing.

    • The data will be securely stored on the NSA servers.

    • I guess to be fair, this is "hack" is for the preview version of this product. Perhaps the released version will include the promised encryption.

      I am not apologizing for MS or anything, but they *did* explicitly state that all this data would be stored in a locally encrypted state so, if they released this version they would be flat out lying which seems like it would open them up to some major liability and I can't imagine they would be that stupid.

      • I didn't realize it was a preview, but I wouldn't have released even a preview with no encryption.

      • I am not apologizing for MS or anything, but they *did* explicitly state that all this data would be stored in a locally encrypted state so, if they released this version they would be flat out lying which seems like it would open them up to some major liability and I can't imagine they would be that stupid.

        Microsoft is not exactly known for their polish before and after a product is released. Promised encryption not being in the beta sounds like MS as usual. The released version will probably have encryption—which someone will find a hack immediately after release.

  • *YAWN* (Score:2, Insightful)

    by thegarbz ( 1787294 )

    If someone has physical access to my device I'm just going to assume they installed their own keylogger / screenshot software and don't need to fuck around with Microsoft's tools.

    Repeat after me: If someone has physical access to your device, you have already lost the game.

    Also it's 2024 and every OS supports whole disk encryption of the OS drive. It's something people should seriously consider even on their home computers, not just laptops and portable devices. (And before someone shouts but but but Bitloc

    • Re: (Score:2, Flamebait)

      Spread 'em Garbz. Here comes your daddy.

      MS doesn't have "physical access" to your machine. don't bait and switch. FDE doesn't make a diff to Daddy.
      You're not wrong about having lost the game to MS, but you don't have to get gang banged all day long like you're suggesting is just fine.

      It's not fine and you don't have a valid argument.
      • Tell everyone you didn't understand what I wrote without saying you didn't understand what I wrote. You don't need to look far into my post to see who the actual subject was. It's the second word in.

    • Re:*YAWN* (Score:5, Insightful)

      by Errol backfiring ( 1280012 ) on Wednesday June 05, 2024 @08:45AM (#64524587) Journal

      If someone has physical access to your device, you have already lost the game.

      True, but you can lose games in multiple levels. If past data is not stored, it cannot be compromised at a single point of access. While the user might not use the data at all, and even be unaware that the data still exists, it is quite handy for all evildoers.

      Microsoft helps all evildoers to get data from before the system is compromised.

      • While this is true, the reality of modern nefarious activity is to own the machine. It's very rare that a past activity would compromise the user in a way a future activity doesn't. I logged into internet banking last week (which incidentally would do things such as capture a username, but not capture a password), and I'll log into internet banking again this week. The difference is a full nefarious keylogger will actually capture the password too.

    • Re: (Score:2, Informative)

      by Pascoea ( 968200 )
      Exposing yourself to unnecessary risk doesn't make sense. I don't care if it's on an encrypted hard drive, or in an encrypted database on an encrypted hard drive. Just having in the first place is dumb. Maybe THIS hack requires access to the computer, but the next one likely won't. And I really don't want screenshots of my banking information and porn viewing habits sold to the highest bidder.
    • They don't need physical access. Just your credentials to access it remotely. The credentials, which funnily enough, decrypt that drive encryption.
    • Re:*YAWN* (Score:5, Interesting)

      by BadDreamer ( 196188 ) on Wednesday June 05, 2024 @10:41AM (#64524955) Homepage

      The difference is, if someone steals my system, and then install keyloggers and whatnot, that's not really going to help them, now is it? Because I will no longer be using that system. They can sit and stare at it all day and they'll get nothing from it.

      But if the system has an installed keylogger with screen scraper which has saved everything I have done on it, named Recall, and then they steal it, that's a very different story. Especially since the data is stored in plaintext on the system. Anyone can read it.

      • The difference is, if someone steals my system

        That is taken care of in the second half of my comment. Someone stealing your system shouldn't have access to your data period. It's 2024. Full disk encryption should be the norm. Windows 11 will even prompt you to enable it during install. Unless someone has acceess to your device powered on and logged in, then stealing it won't be much of an issue for you if you take even the most basic of security precautions (and by basic I mean literally smashing the yes button during a Windows install).

        But if the system has an installed keylogger with screen scraper which has saved everything I have done on it, named Recall, and then they steal it, that's a very different story.

        Recall is not a

  • There is zero chance that this feature will be altered in a way that is friendly to end users. The various law enforcement agencies are having a combined orgasm over this feature. It is here to stay and will be mandated in every single operating system once the furor dies down over the initial introduction. Welcome to 1984 mother fuckers. The future is so bright, that even sunglasses won't help.

    • by nightflameauto ( 6607976 ) on Wednesday June 05, 2024 @09:17AM (#64524689)

      There is zero chance that this feature will be altered in a way that is friendly to end users. The various law enforcement agencies are having a combined orgasm over this feature. It is here to stay and will be mandated in every single operating system once the furor dies down over the initial introduction. Welcome to 1984 mother fuckers. The future is so bright, that even sunglasses won't help.

      I don't doubt governments and enforcement agencies, including police, will be absolutely thrilled with Recall. But how are they going to mandate that all OSes must have it? Can you see the Open Source folks just rolling over and going, "OK," on that front?

      Is there a point where we can demand that the OS just get the fuck out of the way and let us work? I don't want my system eating resources to report my every move to someone else. I want the hardware I bought to be available to process the tasks I throw at it. I'm sick of having to fight the system just to do the things I bought the system to do. This feature better be something we can disable completely, or it may very well be the end of Microsoft. While I'm sure the C-suites will love the spying potential it gives them, I have my doubts a single one will be happy with the idea of their system doing the same thing to them. Who comes up with these schemes and who the fuck thinks it's a good idea to force it on end users?

      • While I'm sure the C-suites will love the spying potential it gives them

        To be fair the C suites already have access to everything they want, any enterprise is already using centralized email, Group Policy, Domains. If you think you have privacy on your IT provided system well you are woefully misinformed. Their property, their network and their systems. This is just another feature the IT folks are going to say "lol, no. GP this into to the nether realm" until an executive comes down and overrules them.

        • exactly. The actual tech used here is absolutely nothing new and has been in use by corps for a long long time.

          The change is it's being pushed down to Home users who don't have an enterprise of security to protect it. (Protect the company, not you)
          • by jacks smirking reven ( 909048 ) on Wednesday June 05, 2024 @11:33AM (#64525085)

            That is very true and I hope Home users have an option to enable/disable the feature as they see fit. Really is an issue of awareness since your average home only users may not be aware of the risks but that's already the system they are engaged in, anyone with that distrustmul of MS probably is already using Apple or Linux, I can't imagine the person out there who is using Windows 11 and is like "ok, now this is a step too far!!!", like we crossed that bridge a long time ago.

              If Microsoft wants to covertly spy on all home users there really isn't anything stopping them already, they wouldn't need a splashy new very public feature to do it. And if we think this announcement is just a cover to sneak in the feature that's also a bit naive to me, the feature would already be baked in (and very well might be). That's just a fact of the matter of closed systems all the time.

  • Dubbed TotalRecall -- yes, after the 1990 sci-fi film

    We can remember it for you freeware?

  • by hyperar ( 3992287 ) on Wednesday June 05, 2024 @08:45AM (#64524589)
    Who, on their right mind, could have ever thought this was a good idea?, not only that, how on earth it made it all the way from a terrible idea to a actual feature?
  • by iAmWaySmarterThanYou ( 10095012 ) on Wednesday June 05, 2024 @08:47AM (#64524595)

    I still don't understand the alleged purpose or intended benefit of this new feature to users.

  • This is just another reason, on the large pile of reasons, why Microsoft, has been, and will foreseeably for a long while be a joke for the professional. Would you actually run Windows on a professional computer? If you say: “Yes”, then you're either carrying out a workload that is essentially impossible on a professional OS like GNU/Linux, such as .Net development, or, you're not a professional. In the rare case you do need Windows, run it in a VM on Linux, which is how I run it, to host tw
  • What's their plan for healthcare machines? This is HIPAA compliant and or opt outable right? Right?
  • by ebunga ( 95613 ) on Wednesday June 05, 2024 @11:58AM (#64525147)

    Recall will cause more women to be murdered as it allows their abusers to get every last piece of information they searched for and where they'll be. Then again, a company like Microsoft doesn't believe in consent, so this is probably its intended use case.

  • Microsoft has to be the worst when it comes to adding features that I don't want while totally not fixing their own products. But it seems like most software companies prioritize adding features we don't need while not fixing critical bugs. Years ago I tried to use the Windows backup and restore capability and it was totally broken I used it for a while and then when I needed something it wasn't there and I investigated and found it was a totally broken mess. Why would I even think of trying a feature like
  • This sounds like something that no user is going to want. It even goes against the trend of anonymity like private browsing modes.

    So of course we ask who benefits and it's Microsoft who will now collect and sell even more of your information. Windows is pretty much just an analytics and advertising framework now. They say the information will stay on the computer and of course it will. For now. But pretty soon they'll add "features" which need to send information back to the cloud or they will just secret

  • Everybody is focusing on the security issues with the recall feature in Microsoft Windows, but you guys remember that Microsoft bought a huge partnership stake and Open AI.

    Open AI is hungry for huge data sets to learn and teach their AI. And recall will be the data set that they need to teach it to replace you as a worker. This way Microsoft can sell their operating system in their AI features as a way to replace most workers that produce repetitive work that AI can do, such as reports or graphics or typewr

    • Have you noticed that the price of the Microsoft Windows operating system has been dropping so much that it's not even a big profit point for them anymore and you can buy license keys from third party online websites for a few dollars each for their operating system and Microsoft never cracks down on those sites?

      The OS is practically free because the value is in data mining the users, just like Google did!

      Internally I believe the company has shifted to data mining. The work that is being done under operatin

If all else fails, lower your standards.

Working...