With Microsoft hyping the Windows 11 AI-powered recall feature, earlier this week a security researcher who previously worked for the tech giant called it a ‘security disaster’.

This feature takes a screenshot of everything you do on your computer and makes all your past actions searchable. This may sound great at first, but one security expert claims that it stores data including passwords and card numbers in a plain text SQLite database.

Now, a developer named Alexander Higna has published a Python script that “copies the database and screenshots and then parses the database for potentially interesting patterns.” This means threat actors can automate the process of extracting passwords and other sensitive information and get away with it.

Windows 11 recall feature Recall makes all your past actions searchable. (Image source: Microsoft)

Since this tool can be used to search a database for terms like “password” and takes very little time and no encryption is broken, it allows hackers to steal all your information in mere seconds. may allow.

While Microsoft has repeatedly claimed that all Recall data is private and cannot be accessed by anyone other than the user, with several security measures that allow unauthorized users to access the database. Come forward. The tech giant also claimed that threat actors would need physical access to your machine if they wanted to steal your passwords, but malware could soon evolve to evade detection techniques.

A festive offering

For those who aren’t in the loop, the upcoming Windows 11 recall will be limited to Copilot Plus PCs arriving later this month, but the same security expert who called it a ‘security disaster’ to use it on PCs was able to NPU, which Microsoft says is a prerequisite for Recall to work.

© IE Online Media Services Pvt Ltd

First uploaded by: 06-06-2024 at 18:33 IST

Source link