Mastodawn

SomeGadgetGuy Jun 4, 2024

It just clicked in my brain. What I haven't been able to articulate about why I'm so anxious about #Windows Recall. I'm sure others have already gotten to where I am.

It's worse than "a system that tracks everything you do" and stores that info in a basic database that could be easily compromised.
It's worse than a nanny surveillance tool for companies to spy on their employees.

It's inescapable.

It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

It won't matter if you're a master #security expert specialist. You can't account for EVERY other computer you've ever interacted with. If a family member looks up an old email with your personal data in it, your data is now at risk.

If THEIR system is compromised YOUR data is at risk.

I just went from "vague feeling of unease" to "actively writing templates to canvas elected officials, regulators, and attorneys general."

@SomeGadgetGuy As far as I understood it - it was explained to me by a Microsoft Official - the database is secured in a similar way as your face-id data or fingerprint data is secured. It's bound to your account and even the admin can't access it, because it's not a password and stored locally. That's why only devices with certain security hardware and maximum enabled security features can even activate that feature. Which doesn't mean that won't change in the future.

Advanced Persistent Teapot Jun 4, 2024

@droidboy @SomeGadgetGuy this is false, it is stored in %APPDATA% as an unencrypted sqlite database, accessible by anyone on the device with administrator rights.

H/T @GossiTheDog for details.

Ben Aveling Jun 4, 2024

@droidboy Your contact is, at best, misinformed. I would suggest not treating them as a reliable source on other matters as well.

https://cyberplace.social/@GossiTheDog/112557470517456023

Kevin Beaumont (@[email protected])

Attached: 1 image Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure

Cyberplace

Clifton Royston Jun 4, 2024

@droidboy @SomeGadgetGuy

It's already been demonstrated that it's vulnerable. Read Kevin Beaumont's articles on it.

Microsoft is relying on people not having the knowledge or background to verify what it's telling the public.

Robin Jun 4, 2024

@droidboy @SomeGadgetGuy
There's more description of how it's actually, erm, "secured" here: https://cyberplace.social/@GossiTheDog/112557470517456023

@GossiTheDog has written quite a lot about this that's worth reading.

Kevin Beaumont (@[email protected])

Attached: 1 image Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure

Cyberplace

Matt Hardy 3.11 for Workgroups Jun 4, 2024

@droidboy @SomeGadgetGuy I think if you're asking microsoft officials how secure it is then you're not getting both sides of the story. Mandy Rice-Davies applies. Investigations from security researchers are telling a different story. https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e There is now a proof of concept hacker tool called total recall that allows an intruder with access to your computer to dump out and exfiltrate the recall database within seconds.

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…

DoublePulsar

Asta [AMP]Jun 4, 2024

@droidboy @SomeGadgetGuy I know others have already discussed why this isn’t quite true below, but as a security rule of thumb one should always keep in mind that if the data can be accessed legitimately, it can also be accessed illegitimately. There are at least as many ways into a building as there are doors, so to speak. Hence why the safest data is the data you never collect.

Lillian Violet Jun 4, 2024

@droidboy @SomeGadgetGuy But the data is still processed into a model. And most likely that model will generate analytics that will be sent to HQ. And one thing my experience has taught me is that recreating data from models is easier than tech companies want to admit, and they only do this to skirt the law and not directly upload your data.

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy it is as secure as you, logged in user, can access it, and any program you run can access it. Which includes info stealing malware. Ohhhh

@gunstick @SomeGadgetGuy Thats the thing we need to see happening in the wild first, please. :-) I dont want to believe MS is building it like that. As what I was told was, that its in the same container as your fingerprint.

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy no. You cannot read out the fingeprint to make copies of. But you can read out recall data. So it cannot be the same container, else you would not be able to read the recall data.

@gunstick @SomeGadgetGuy Can't wait to see how they actually do it.

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy it's a simple mysql file on your disk. That's all.

@gunstick @SomeGadgetGuy I will repeat it until we see it in real life on June 16th: We don't know yet :-) You can tell me than that you already knew it. But wait until it actually gets released and somebody could look at it, please! :D

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy people already had a look at it, and it is horrifying.
He somehow managed to get the software. So here you go: https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…

DoublePulsar

@gunstick @SomeGadgetGuy I read that, and I assume he got a view on a MVP. I do not want to believe this is actually the final product.

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy how do you imagine the final product will be used?
To be secure it would need a public key which encrypts everything going into the database and a secret key stored on an external device you have to activate each time you want to interact with the database. Think yubikey.
If the currently logged in user can interact with recall data the same easy way as windows search, then it is acessible to every malware you may be running.

@gunstick @SomeGadgetGuy So what we know is that only Copilot needs access to that database. Is there no way to develop the access management in that way that only the software Microsoft controlls can access it? No public API needed in any way. Granted: What Copilot will show you might be accessable to the malware as this is what the user will see at the end.

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy malware will hide as a system uodate requesting elevated privileges, and the user will simply click OK as he does with all the other dozens of popups he sees per day.

@gunstick @SomeGadgetGuy There will be no way you can grant access as an admin to any other app. Only Copilot will have access. Is that possible in windows?

gunstick Jun 4, 2024

@droidboy @SomeGadgetGuy if copilot is running in another vm under the same hypervisor as windows. Oh windows is not running as a VM?
Well then: no.
If the recall database is encrypted and is on the same storag as the rest of the OS, then copilot has the password. And having admin privileges will open that up to inspection. Game over.

SomeGadgetGuy Jun 4, 2024

@gunstick @droidboy

That's what I want to see. Before you can interact with Recall you HAVE to plug in a security key. We just know MS won't do anything like that, because it'll then look scary (which it should), and they want it to be "frictionless".

The idea of it being more secure, Microsoft is doing bad infomercial acting about how inconvenient and complicated security is.

SomeGadgetGuy Jun 4, 2024

@gunstick @droidboy yup. Stored in the user App data folder.

gunstick Jun 4, 2024

@SomeGadgetGuy @droidboy ah, yes. That vaguely hidden folder, so it must be secure™
I wonder if they now store the fingerprints also there sonthey can still claim that it's stored at the same place.

SomeGadgetGuy Jun 4, 2024

@gunstick @droidboy
Security through obscurity!

synlogic Jun 4, 2024

@SomeGadgetGuy @gunstick @droidboy my ideal: security through not totally blatant forehead-slapping levels of idiocy & self-ownage

@synlogic @SomeGadgetGuy @gunstick I am so glad you got the opportunity to show how much better you are than the security guys from Microsoft.

D S Jun 4, 2024

@droidboy shut up

@dantescanline Dude. :-) That's not the style you want to be remembered for. Do you?

synlogic Jun 4, 2024

@droidboy @SomeGadgetGuy as soon as Recall's database is on hosts out in the wild it will become the No 1 juicy pinata for black hat vuln researchers to study and try to find its flaws. matter of time til they find access

SomeGadgetGuy Jun 4, 2024

@synlogic @droidboy
If I were a betting man, I would place the first exploit discovered in under two hours.
Anyone got the Vegas odds on that?

stefan Jun 4, 2024

@droidboy does not seem to be super protected? https://graz.social/@GossiTheDog@cyberplace.social/112549659293452537 (other posts say its a simple SQLite DB?) @SomeGadgetGuy

Kevin Beaumont (@[email protected])

Attached: 1 image Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46

Cyberplace

PYM le pirate capoeiriste Jun 5, 2024

@droidboy @SomeGadgetGuy In fact no… it's just stored in the user local appdata… so the protection is the same as the one of any file of a user. It is mad so by design in order to allow those data to be shared between users.

It is envisaged in the future to rely on the "secure enclave" of the computer (if any is available) but at the moment… absolutly not. This was just considered during dev as "feasible".

This was in the MS presentation of the feature