Microsoft has announced an update to Recall, a recent tool powered by Artificial Intelligence (AI) and criticized by security experts, which will be disabled by default and require login with Windows Hello.
The company announced Recall at the end of May, a new feature integrated into the new Copilot+ PCs and activated automatically, which uses AI to create a “photographic memory” system that allows you to search for everything that has been seen or done in the device. computer.
That way, users can scroll through a timeline to find previously searched content in any app, document, or website. This is because Recall uses an index stored locally on the device being used.
Cybersecurity experts such as Kevin Beaumont have pointed out that this functionality could put users’ private information at risk because the feature itself would have some potential security flaws.
Based on tests with Recall, the researcher and former Microsoft employee discovered that the tool stored information in the SDLite plain text database, which would allow cybercriminals to access it and use it to commit fraud.
More specifically, Beaumont discovered that although the database is stored locally on a PC, it is possible to access it from the AppData folder as long as the person doing so is an administrator of that device, as reported by The Verge.
These and other criticisms from privacy advocates, who called it a potential “nightmare” for the security of user data, have led Microsoft to clarify some details of the tool.
Firstly, it has indicated that it will offer users “a clearer option” to choose to store Recall snapshots. This means that if it is not enabled “proactively, it will be disabled by default.”
Microsoft has also commented that enabling Recall now requires Windows Hello, which allows you to log in using facial recognition, fingerprint or a PIN number, associated exclusively with a device.
On the other hand, the brand has reported that it is adding additional layers of data protection in Copilot+ PC to encrypt the database that stores the content searched with Recall. On the other hand, it has introduced ‘Just in Time’ encryption, which will cause this photographic memory to be decrypted only when the user authenticates their identity through Windows Hello.
The company has finally indicated that this update will come into effect before Recall reaches Microsoft users and customers, that is, starting next June 18, with the launch of the new Copilot+ PC devices.
