San Francisco, June 4:  In May, Microsoft introduced its new Copilot+PCs with AI efficiency and integrated hardware and software. The tech giant also hinted at Windows 11's new Recall feature and touted that it would a photographic memory, allowing users to access what they saw or did on their personal computers. Since then, the Microsoft Recall feature has been a topic of debate. Some users called it a feature that would compromise their privacy and others believed that it would allow hacking a PC and private information easily. 

The Microsoft Recall feature will be coming to Copilot Plus PCs on June 18 likely in new Surface devices, 2024. The Recall feature will use AI models to process the screenshots of everything that a user does on his computer. This feature will let the user search and get all the information about his actions done in his computer within seconds. According to a report by The Verge, Kevin Beaumont, a cybersecurity expert, found that Microsoft's Recall feature had some flaws. Instagram Unskippable Ads: Meta-Owned Platform Testing New Feature That Will Stop Users From Scrolling Until They Watch Ad. 

Cybersecurity Expert Kevin Beaumont on Microsoft's Recall Feature:

Kevin Beaumont Says The Recall Feature Would Allow Malicious Attacks:

Microsoft promised that the Recall feature would remain secure, encrypted and on-device. The tech giant reportedly said the data would not be used to train AI models. Despite these promises, Kevin Beaumont pointed out that hackers could exfiltrate Copilot+ Recall activity remotely. He posted on X, "How do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC?  Very easily, I have it automated." 

Further, he explained that the Recall feature would take screenshots of what the users do every few seconds. These screenshots would then be turned into texts by OCR technology in Azure AI running on the computer. Then, Kevin said that they would be written into the SQLite database in the users' folder. He posted a blog titled "Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code—inside the Copilot+ Recall disaster."

Kevin Beaumont further explained the hacking situation by providing a Q&A highlighting the problem and possibility of hacking. According to The Verge, Beaumont said that the database records everything a user views on a PC in plain text. The report said that the cybersecurity expert gave an example of the plain text database. He reportedly said that the locally stored database on the PC would be accessible by AppData folder if the user is an admin on a PC; however, Beaumont also stressed that it could be accessible even if the person is not an admin. Within seconds, he said the hackers would scrap everything the user had ever done. Microsoft Privacy Violation: Tech Giant Faces Complaints in EU Over Violating Children’s Data Protection Rights.

Kevin Beaumont said that disk encryption would be decrypted once the user logs in to the PC and runs software. It would work if someone stole the physical laptop, but the hackers do not come physically to steal anyone's laptop, he said. Some have called Microsoft Windows 11's upcoming Recall feature a 'privacy nightmare' and 'disaster'. On the other hand, Times of India said in its report that the Microsoft Recall feature could set the cybersecurity back by a decade.

(The above story first appeared on LatestLY on Jun 04, 2024 05:51 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).