Sonali Ray, reporter
In brief
- Security researchers expressed concern that the Recall feature for Copilot+ AI PCs, which Microsoft announced, could potentially expose user data to hackers.
- Microsoft announced on Friday that the feature will be disabled by default.
- Additionally, the software company disclosed security measures. After security researchers found that attackers could access the underlying data, Microsoft disabled the AI feature on new PCs that gathers screenshots and searches user behaviour by default.
At last month’s press announcement for Copilot+ PCs with AI computational capacity, Microsoft highlighted the Recall function.
“If you don’t proactively choose to turn it on, it will be off by default,” Microsoft’s Windows and Surface devices chief Pavan Davuluri said Friday on his blog.
Microsoft is balancing competing interests as it adds generative AI tools to its products and keeps up with the competition. The industry is changing quickly, yet user privacy and security are being monitored. A U.S. government review board criticized Microsoft for its response to China’s email hack of government officials.
Microsoft’s Copilot conversational chatbot, like OpenAI’s ChatGPT, is on Windows. ChatGPT and Copilot use cloud servers to compute and communicate responses to PCs. Recall doesn’t need internet computing power because it stores data on users’ computers.
Microsoft CEO Satya Nadella instructed employees to prioritise security and made security enhancements after the U.S. government report.
Industry experts are concerned that hackers could steal users’ data after Microsoft unveiled Recall, which searches PC logs.
Security experts created Total Recall to present Recall data.
“Windows Recall stores everything locally in an unencrypted SQLite database, and the screenshots are simply saved in a folder on your PC,” they stated in a GitHub description of Total Recall. Attackers creating techniques to find usernames and passwords in Recall screenshots worried them.
Once Copilot+ PCs are ready on June 18, Microsoft will add security to Recall and require explicit activation. The search index database will be encrypted, Microsoft stated.
“Windows Hello enrollment is required to enable Recall,” Davuluri added. Proof of presence is also needed to browse your timeline and search in Recall.”As the users has to input a PIN, show their face to the PC camera, or provide a fingerprint,.
I think generally having an option around opting in on home systems will save a lot of folks security problems further down the line’, former Microsoft cybersecurity specialist Kevin Beaumont, who criticised Recall’s original implementation, wrote on X on Friday. «It never should have been enabled by default.
Source: CNBC News
