With Microsoft hyping the Windows 11 AI-powered Recall feature, earlier this week a security researcher who previously worked for the tech giant called it a ‘security disaster.’ The feature takes a screenshot of everything you do on your PC and makes all of your past actions searchable. This may look great at first, but a security expert claims it stores data including passwords and card numbers in a plain text SQLite database.
Now, a developer named Alexander Hagenah has published a Python script that “copies the databases and screenshots and then parses the database for potentially interesting artifacts.” This means threat actors can automate the process of extracting passwords and other sensitive information and get away with it. Since the tool can be used to look for terms like “password” from the database and takes little to no time and does not break any encryption, it might allow hackers to steal all your information in mere seconds.
While Microsoft has repeatedly claimed that all Recall data is private and cannot be accessed by anyone other than the user, several security exploits that allow unauthorised users to get access to the database have come to light. The tech giant also claimed that threat actors will need physical access to your machine if they want to steal your passwords, but malware might soon evolve to evade detection techniques.
For those not in the loop, the upcoming Windows 11 Recall will be limited to Copilot Plus PCs coming later this month, but the same security expert who called it a ‘security disaster’ claims that he was able to use it on a PC without an NPU, which Microsoft says is a prerequisite for Recall to work.