As Windows 11 prepares to introduce a new AI-powered feature called ‘Recall,’ which is tasked with capturing continuous screenshots of user activity, security experts are raising red flags about potential vulnerabilities. Despite assurances from Microsoft that the feature will be secure through encryption, some specialists have discovered troubling security issues.
A cybersecurity researcher carried out tests on the feature ahead of its official release and found significant security vulnerabilities. The main concern is that although Microsoft has promised an encrypted experience, the analyst found that the data gathered by the AI is actually stored unencrypted. This storage method poses a significant risk, as the plaintext data in the SQLite database contains a detailed record of users’ viewed content on their PCs.
The researcher warns that data being stored in plain text within the user’s folder could be accessed by cybercriminals through malware, potentially leading to widespread breaches powered by AI technology. Moreover, the claim that the data is stored locally and cannot be remotely accessed by hackers is under scrutiny. The feature’s database was capable of being accessed and exfiltrated remotely via the AppData files, contradicting the purported security.
While the details of how the data can be remotely infiltrated were not shared by the researcher, the documented ability to upload the database to a website and search its contents illustrates a significant flaw. The researcher has chosen to withhold the specific infiltration mechanisms to allow Microsoft the opportunity to address these issues before the feature is widely released.
Microsoft has yet to officially respond to these highlighted privacy and security concerns. However, since the Recall feature is not compulsory and can be turned off, users who are worried about their privacy can choose to disable it. The feature, along with the Copilot+PCs utilizing it, is slated to debut on June 18th, and it remains to be seen whether these security concerns will prompt Microsoft to implement changes before or following its launch.
The promise of an AI-powered user experience in Windows 11 has certainly captured the attention of technology enthusiasts and security professionals alike. However, as highlighted by the recent findings, there may still be ground to cover in ensuring data privacy and security are not compromised. As such, users are advised to stay informed and exercise caution with new software features, balancing the benefits of AI integration with the need to protect their personal information.
