It’s only been two weeks since Microsoft unveiled Windows Recall as a key feature of its Copilot artificial intelligence tool, but the software feature is already being blasted by security experts. The feature, which tracks all activity on a Windows computer to make things easier to find later using natural language, is being labeled a hackable security disaster. At least one white-hat hacker already created a tool that can extract sensitive data from Recall. It’s called, naturally, TotalRecall and is available on Github now.
The feature is part of a new generation of PCs that Microsoft announced at its Build event and that it labeled Copilot Plus, set to launch on June 18. Using AI, Recall is supposed to capture data from across all applications, unless you exclude any, by taking a series of screenshots and storing these interactions in a database. It runs locally and can function without an internet connection and even when you’re not logged in to your Microsoft account. In response to a query from CNET, Microsoft pointed to a Windows support page it had published with information on privacy and security aspects of Recall.
Other sites also have published guides on how to disable the feature. The short version: go to Windows settings, select Privacy & Security, go to Recall & Snapshots and use these settings to toggle off the feature or delete any data that’s already been collected. Security expert Kevin Beaumont posted a detailed analysis on Medium after testing out the feature, which is expected to be enabled by default on these new Copilot Plus systems. Beaumont said the feature will appeal to some people, but it presents such a huge security risk that it could take down the entire Copilot Plus brand.
- Windows Recall foi criticado por especialistas em segurança
- A ferramenta é considerada um desastre de segurança hackeável
- O recurso faz parte de uma nova geração de PCs que a Microsoft anunciou em seu evento Build