After the security backlash, Microsoft will switch off Recall

How To Save Snapshots from the Recall Tool: Comment on a Blog Post by David Hagenah, Security Analyst at Copilot+PCs

A researcher with the Project Zero vulnerability research team published an update to a post on Wednesday, stating that he had found ways to access the Recall data without administrator privileges. The post said that no admin was required.

Alex Hagenah, a cybersecurity strategist and ethical hacker, says that the second, simpler bypass technique is mindblowing. Hagenah recently built a proof-of-concept hacker tool called TotalRecall designed to show that someone who gained access to a victim’s machine with Recall could immediately siphon out all the user’s history recorded by the feature. Hagenah’s tool, however, still required that hackers find another way to gain administrator privileges through a so-called “privilege escalation” technique before his tool would work.

With Forshaw’s technique, “you don’t need any privilege escalation, no pop-up, nothing,” says Hagenah. The ideal place to implement this would be a tool for a bad guy.

Microsoft’s new Recall feature is called photographic memory and was hailed by Microsoft’s CEO as an innovative way to store your history on your PC. Within the cybersecurity community, a tool that silently takes a screenshot of your desktop every five seconds has been compared to a hacker’s dream.

Security researchers have found out that the one remaining security safeguard for that feature can be easily defeated.

“It makes your security very vulnerable,” according to Dave Aitel, the founder of the security firm Immunity. “Anyone who penetrates your computer for even a second can get your whole history. Which is not what people want.”

“We are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall,” reads a blog post from Pavan Davuluri, Microsoft’s Corporate Vice President, Windows + Devices. If you don’t turn it on, it will be turned off by default.

A Microsoft Cosmic Memo on “Do Security” versus “Don’t Forget It,” or Why We Shouldn’t Recall

A memo issued last month by the Microsoft CEO made it clear that the company would make security a priority in business decisions. “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” Nadella’s memo read (emphasis his). “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Microsoft intended the word “recall” to mean a kind of “perfect, artificial intelligence-enabled memory” when it named its new feature. Today, the other, unintended definition of “recall”—a company’s admission that a product is too dangerous or defective to be left on the market in its current form—seems more appropriate.