
Microsoft Recall: A game changer with high risks

In June, Microsoft postponed the introduction of its controversial Recall feature following a series of serious security concerns. The AI-powered tool, designed to capture all user activity over the previous six months, was positioned as a solution that helps users track their activities and efficiently find previously visited websites, documents and applications. Microsoft developed Recall to allow users to 'retrace their steps' by capturing screen snapshots every five seconds. The tool saves these images, cataloguing the viewed content using AI, and then offering it back to the user through a search functionality.

For cyber investigators, Recall could be a transformative force in gathering and analyzing evidence, improving both the investigative process and its outcomes. However, noise around cybersecurity concerns is loud – and for good reason. The tool’s ability to capture and duplicate data means that sensitive information could be exposed and leveraged by threat actors.

Transforming forensics, though gaps remain

Setting security concerns aside, Recall has the potential to revolutionize forensic investigations in the event of cyber incidents. First, its searchable format can dramatically speed up investigations by removing the arduous and time-consuming task of processing large quantities of evidence.

When digital evidence is lost – be it through browser history clearing or file deletion – Recall’s screen capturing ability would step in to ensure that it remains accessible. Equipped with Recall, investigators would also be able to visually verify their results, giving them greater confidence in the veracity of forensic findings.

Despite its advantages, Recall has critical blind spots. Most significantly, the absence of an audit log renders the access of Recall data by threat actors and users untraceable. Threat actors can also evade detection by using applications like Edge’s InPrivate mode, which Recall can’t track, and by engaging in activities hidden from the screen or by user settings. Looking at Recall as a whole, the advantages speak for themselves, but there’s no suggestion that it is the complete solution for investigators aiming to stop threat actors in their tracks.

Unintentionally handing threat actors the upper hand

Recall inherently risks exposing sensitive information that threat actors could exploit, which in the end was the driving force behind Microsoft’s decision to delay its rollout.

Following news of the release of Microsoft Recall, security researchers developed and released a tool named TotalRecall, which can locate, duplicate, and translate the data gathered by the Recall feature in a plaintext database, which is instantly searchable. Since attackers routinely exploit existing tools and systems to achieve their objectives, it is likely they would add TotalRecall to their arsenal, exploiting its insights where possible.

Lastly, Recall would likely elevate the risk of extortion. With access to snapshots of user activity and computer usage data, attackers will possess enough sensitive data to create a powerful incentive to pay a ransom. The likelihood that this data could contain personal information that poses a threat to an employee’s personal life, and even their safety, significantly increases the risks of exposure.

Meeting regulatory requirements

If Recall functions as designed, we must operate under the assumption that all data accessed by the user over the past six months could potentially be exfiltrated if compromised. The wide range of data collected by the technology makes it difficult to accurately categorize sensitive or regulated information. Aside from the risk of threat actors exploiting this data, Microsoft faces the difficult task of ensuring compliance with regulatory standards and preventing serious breaches.

Addressing concerns, but the door remains open

In response to concerns about TotalRecall and its duplication feature, Microsoft announced the implementation of two new security features. First, the company implemented just-in-time encryption on the database. While this encryption could potentially prevent the exfiltration of databases containing sensitive information, cybersecurity experts have not yet confirmed its effectiveness.

Additionally, Microsoft introduced a requirement for users to re-authenticate through Microsoft Hello before accessing the Recall feature. However, if attackers manage to bypass additional layers of security, unauthorized access remains a real concern, and sensitive data could still be compromised.

Microsoft has also emphasized that the Azure AI tool, which analyses the snapshots captured by Recall, processes data locally in the device’s AppData folder, ensuring sensitive information won’t be sent to the cloud. While this might allay the concerns of some, there is concrete evidence of AI prompts being manipulated to bypass security measures in other AI systems. Developers must remain vigilant about the possibility that threat actors could exploit these very prompts to gain unrestricted access to a device and the information within.

Microsoft’s acknowledgement of these concerns is promising; however, additional preventive security measures are required to safeguard users from attackers who are on the sidelines looking for ways to exploit new technologies for their malicious activities.

Suggestions for future use

Looking ahead, there are a number of preventive security measures that future users of the yet-to-be-released tool should bear in mind. Following these guidelines should increase security safeguards.

After enabling Recall, users should be meticulous in configuring its settings, strategically deciding which apps and websites shouldn’t fall under its remit. However, it is crucial for users to understand that not all applications and browsers are compatible with Recall’s privacy settings.

Users are also advised to deploy robust anti-malware tools or endpoint detection solutions that can alert them to suspicious attempts to access Recall data.

Finally, although it is still unclear whether Recall offers the option of shortening the retention period of its database, the implementation of such an option would limit the amount of data and reduce the potential for attackers to exploit it.

Recall promises a transformative shift in digital forensics, offering a powerful tool for evidence gathering and analysis thanks to its ability to retrieve data that would otherwise be out of reach. However, before it is implemented, Microsoft must address pressing security concerns and make user safety the overarching priority. We’ll need conclusive evidence that data exposure and the threat of extortion are eliminated before we can be confident in its functionality.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

https://www.techradar.com/pro/microsoft-recall-a-game-changer-with-high-risks

