The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

My look at the feature, FAQs from the community etc

doublepulsar.com/recall-steali…

this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.

HT @tomwarren

You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.

Guide from @detective

The devices launch THIS MONTH to customers so I suggest people look at this.

github.com/thebookisclosed/Amp…

GitHub - thebookisclosed/AmperageKit: One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices

One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices - thebookisclosed/AmperageKit

^GitHub

Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.

I’ve also found a way to disable the tray icon.

I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.

There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.

It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.

I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.

The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.

Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.

This may include an attempt to invalidate researcher criticism, we’ll see.

WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall

wired.com/story/total-recall-w…

Total Recall software by @xaitax github.com/xaitax/TotalRecall

Example search for ‘password’:

🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22

📄 Summary of the extraction is available in the file:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt

GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall

^GitHub

I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.

Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.

These videos have tens of millions of views and hundreds of thousands of comments.

I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.