As a seasoned researcher with over two decades of experience in the tech industry, I have seen my fair share of controversial features and their ensuing controversies. The Windows Recall feature of Windows 11 is no exception. While it’s undoubtedly an innovative step towards AI integration, the security concerns surrounding this feature are alarming.
The much-debated Windows Recall was introduced by Microsoft within the extensive Windows 11, version 24H2 update. This feature became available on Copilot+ computers, concurrently with other significant AI-focused capabilities such as Click To Do and Image Generation.
Despite positive initial reactions, the introduction of this feature has sparked criticism due to privacy and security issues, leading Microsoft to repeatedly adjust it. To elaborate, Windows Recall captures screenshots at regular intervals and employs on-device AI to examine and prioritize the content for analysis.
Although Microsoft has tried to resolve the security issues surrounding the debatable AI-driven Windows 11 feature, some security professionals still view it as a security flaw and a haven for hackers. They have criticized the feature despite Microsoft’s efforts to make it an opt-in experience and requiring Windows Hello for access.
Microsoft appears to have tackled most of the noted security concerns by launching this new feature for Copilot+ PCs last month, and more recently extending it to Intel and AMD Copilot+ PCs. As part of an extensive set of security enhancements aimed at making this AI technology more attractive to users, there’s a setting that screens out sensitive data from its captures. This setting is intended to prevent the feature from snapping images of any app or site containing sensitive information such as credit card numbers, social security numbers, and other vital financial details.
More critical security concerns abound for Windows Recall
However, a new report by Tom’s Hardware’s Avram Plitch, highlights the security setting could be counterproductive. Windows Recall captured sensitive financial information, including a credit card number and a random username and password while he was using Windows Notepad. Despite enabling the setting, the feature captured the sensitive information, even with obvious wording such as “Capital One Visa” adjacent to the numbers.
As an enthusiast, I’ll share that Plitch confessed the sensitive data utilized in the simulation was fictitious; however, he mirrored comparable outcomes when opting to use his personal credit card. To elevate the experiment, he crafted an HTML page with a web form requesting credit card information – details like type, number, expiration date, and security code (CVC).
In a bid to make Windows Recall intercept and stop the ongoing process, Plitch deliberately chose clear language. Yet, to his surprise, instead of blocking or halting the operation, Windows Recall captured the sensitive security page, with its complex financial data included.
In the situation when Plitch was using Oimoroni and Adafruit’s payment pages, Windows Recall, a Microsoft feature designed to shield sensitive data like credit card details, did not capture screenshots of these fields. This test case demonstrates that although Windows Recall may be capable of detecting real-world commerce sites in general, it was unable to effectively filter out and protect sensitive information in this particular instance for Plitch.
It’s also super important to remember that Windows Recall is still in beta, and only available via Microsoft’s Windows 11 preview program. As such, bugs like this are expected, and Microsoft wants feedback from testers to improve the product before it rolls out to the public.
Our own Senior Editor, Zac Bowden has been using Windows Recall since the preview first dropped, and in his findings, he was unable to get Windows Recall to capture any financial credit card information even when typed into Notepad as Plitch did. So this issue is likely down to the current preview nature of Recall and will hopefully be ironed out before Recall begins rolling out officially.
When the user sought comment from Microsoft about his findings, they were directed instead to a blog post detailing how Windows Recall filters and screens sensitive financial data from its images. In this article, Microsoft acknowledges that during the trial period, there may be instances where Recall fails to correctly filter out confidential information.
Read More
- ENJ PREDICTION. ENJ cryptocurrency
- BCH PREDICTION. BCH cryptocurrency
- Top gainers and losers
- EUR RUB PREDICTION
- JASMY PREDICTION. JASMY cryptocurrency
- TWT PREDICTION. TWT cryptocurrency
- ELA PREDICTION. ELA cryptocurrency
- Hololive Teams With Marvel on Big Deadpool & Wolverine Event
- EUR CAD PREDICTION
- MATH PREDICTION. MATH cryptocurrency
2024-12-13 13:09