Designed to make life easier for users, the Recall functionality, introduced in Windows by Microsoft, worries cybersecurity experts.
Presented last May, Windows’ Recall (“memory”) functionality continues to cause concern. With this tool functioning like a photographic memory, Microsoft aims to help users easily find what they did or saw on their computer. This is based on screenshots taken by Windows of what users are doing on their PC.
Worrying many Internet users about their private lives, Recall was also criticized by Elon Musk, who compared the functionality to “an episode of Black Mirror”. Targeted by an investigation by the British CNIL, it also concerns the world of cybersecurity, as spotted by the American site Mashable.
A worrying function
Tested by cybersecurity experts, Recall would be worse than people who criticized it imagined. They are particularly concerned about the fact that the function, which is optional, is activated by default and that passwords and other sensitive information are not excluded from the tool’s database.
“Stealing everything you’ve ever typed or watched on your own Windows PC is now possible with two lines of code,” warns cybersecurity expert Kevin Beaumont in a blog post.
Having tested Recall, he found that the tool records a history of almost everything the user has seen on their computer. Edge browser history in private mode is one of the rare items that is not saved by the feature.
Even more worrying, Recall also saves deleted data. Emails and messages from applications like Whatsapp are recorded by the tool, warned Kevin Beaumont. Even self-deleting messages, like those in the Signal app, are retrieved and saved in Recall’s database.
Microsoft defends itself
The cybersecurity expert also accuses Microsoft of having distributed inaccurate information on the security of its tool. Faced with criticism, the company assured that Recall data is stored in an encrypted format on the user’s computer. In other words, someone stealing a user’s computer would not be able to access this information.
A statement that is false, according to Kevin Beaumont. As he explains, the data is decrypted as soon as a user logs into their computer. It would then be enough for a hacker to access it remotely, with a Trojan horse (malware taking the appearance of legitimate software to lure victims) for example, to have access to this information.
Kevin Beaumont concludes his analysis by inviting Microsoft to “recall” its tool and “rework it to make it the functionality it deserves to be”.
