Microsoft's Copilot Plus PCs Face Backlash Over Security Risks in New AI Recall Feature
- The Apple Square
- Jun 4, 2024
- 2 min read
Microsoft has launched a new ad campaign for its AI-centric Copilot Plus PCs, positioning them as superior to Apple's latest M3 MacBook Airs. However, despite the aggressive marketing, a key feature of these PCs, called Recall, has come under scrutiny for significant security flaws.
Recall was one of the standout features presented by Microsoft. It tracks and records all user activity on the computer, including every click, Zoom meeting, viewed and deleted files, and keystrokes. The idea is to provide users with an AI-powered "photographic memory" of their PC usage, making it easier to retrieve past activities and information.
Despite Microsoft's assurances about the security and privacy of Recall, security expert Kevin Beaumont has revealed critical vulnerabilities in the system. He demonstrated how Recall's extensive data logging could be easily exploited by hackers, turning what was touted as a secure feature into a potential security nightmare.
Beaumont shared his findings on social media, highlighting that while Microsoft claimed hackers couldn't remotely access Recall data, the reality is quite the opposite. The data, stored in plain text, can be easily extracted by hackers. Beaumont emphasized that even though the data processing is done locally on the laptop, this doesn't prevent malware or hackers from accessing it. He explained that encryption at rest is ineffective once the user is logged in, as the data is decrypted for use, making it vulnerable to attacks.
The security expert pointed out that InfoStealer trojans, which have been used for over a decade to steal usernames and passwords, could now be modified to extract Recall data effortlessly.
This revelation casts a shadow over Microsoft's latest push to lure customers away from Macs, raising questions about the security of its AI-driven features. As Microsoft continues to promote the Copilot Plus PCs, it will need to address these security concerns to maintain user trust and confidence in its products.
