Microsoft’s CEO Satya Nadella has praised the new Recall feature, calling it “photographic memory” for your PC. The feature stores a history of your desktop and makes it available for AI analysis. However, cybersecurity experts view it as a major risk, describing it as a hacker’s dream due to its ability to silently take screenshots every five seconds.
Security researchers have found that even the last safeguard meant to protect this feature from exploitation can be easily bypassed. Initially, it was believed that accessing Recall’s data required administrator privileges, which would at least alert users to potential unauthorized access. However, James Forshaw from Google’s Project Zero revealed methods to bypass this requirement, effectively removing this protection.
Forshaw outlined two techniques to access Recall data without admin privileges. The first method involves impersonating a program called AIXHost.exe, which can access restricted databases. The second, simpler method involves rewriting the access control lists on a target machine to grant the hacker access to the full database, as Recall data belongs to the user.
Alex Hagenah, a cybersecurity strategist, highlighted the severity of this vulnerability. He developed a proof-of-concept tool named TotalRecall, which previously required hackers to gain admin privileges before accessing the user’s history. Forshaw’s methods eliminate the need for privilege escalation, making unauthorized access much easier.
This security flaw poses significant risks, as it allows hackers to access a detailed history of a user’s activity without triggering security alerts. The ease of bypassing the admin privilege requirement makes this feature particularly concerning for cybersecurity professionals.
