A new Microsoft feature that captures users’ laptops every two seconds is under investigation by the Information Commissioner’s Office (ICO).
The reminder function will be installed on new Microsoft laptops and is part of their artificial intelligence Program (AI) Copilot+.
The feature will record everything a user does by taking screenshots every few seconds. It then allows the user to go back in their activity and search.
However, after security concerns were raised around this feature, the ICO said: “We are investigating with Microsoft to understand the safeguards in place to protect user privacy. »
Recall is designed to “help you easily find and remember things you’ve seen using natural language,” according to Microsoft, using AI and “photographic memory.”
For example, if a user was shopping online and noticed a cute brown leather bag, a few days later they might search for “brown leather bag” in Recall.
It would then display screenshots of the moments they were looking at a brown leather bag and link them to the websites they were on. It would also search for images, documents, presentations and files and retrieve anything relevant from their laptop.
It can even suggest actions that the user would like to take in relation to their search.
However, a cyber security The expert described the new feature as a “grab and go” target for criminals.
“With this feature, endpoints will suddenly become a more lucrative target,” said Muhammad Yahya Patel, chief security engineer at Check Point, a cybersecurity company.
“It’s a one-off attack for criminals, like a grab and go, but with Recall they will essentially have everything in one place.”
Read more on Sky News:
GCHQ boss says China is ‘weakening internet security’
Data stolen from the NHS published on the dark web
Microsoft said the files will all be stored locally on users’ laptops and “not accessible to Microsoft or anyone without access to the device”, which should reduce the risk of hackers accessing the files. on a cloud-based system.
However, the files will not be censored in any way when stored, meaning that personal information such as visible passwords or visible medical information will be retained in screenshots.
If the user’s laptop is pirate There are concerns that extremely sensitive data could become easily accessible.
“Imagine the goldmine of information that will be stored on a machine and what bad actors can do with it,” Patel said.
Charlie Milton, vice president of cybersecurity company Censornet, said the feature increases the risk of scams by potentially allowing hackers to understand their victims’ lifestyles.
“Like a [hacker]The first thing I’ll do is go see all the screenshots of what you’ve done recently to understand your behavior,” he said.
“If I want to try to make money from you, the best way to do it is to pretend to be someone you are likely to transfer money to and have worked with over the last 48 hours, then tell you that my bank details have changed.
“That would give these bad actors a really good understanding of user behavior and recent behavior so they can influence you. That’s really important.”
Microsoft told the BBC that a potential hacker would have to physically access a device, unlock it and log in before being able to access saved screenshots.
In a blog post about the new feature, Microsoft also said that the user “is always in control” and can “delete individual snapshots, adjust and delete time ranges in Settings, or pause at any time “. They can also stop the recording functionality of specific apps and websites.
