Microsoft has made a significant update regarding its artificial intelligence function on new PCs, following concerns raised by security researchers about potential data exposure to attackers.
The feature, which allows for the taking of screenshots and enables searching of user activity, will now be turned off by default.
Key Points:
- Microsoft introduced the Recall feature for Copilot+ AI PCs, which drew scrutiny from security experts due to its potential vulnerability to hackers.
- The default setting for this feature will be changed, according to Microsoft.
- The company has also revealed additional security measures to address these concerns.
Initially presented as a highlight during a recent press briefing, Microsoft’s Recall capability was touted as a significant feature for the upcoming Copilot+ PCs equipped with AI capabilities.
Pavan Davuluri, Microsoft’s head of Windows and Surface devices, emphasised in a blog post that the feature would now be disabled by default unless users opt to activate it.
In navigating the fast-evolving landscape of AI integration into its products, Microsoft is faced with the challenge of maintaining a balance between innovation and security.
Recent scrutiny, particularly in light of a U.S. government review board’s critique of Microsoft’s handling of security breaches, underscores the importance of prioritizing user privacy and data security.
The integration of the Copilot conversational chatbot into Windows, reminiscent of OpenAI’s ChatGPT, has already been a step in this direction.
Both systems rely on cloud servers for computation, but Recall diverges by storing data locally on users’ computers without requiring additional internet connectivity.
In response to concerns raised after the Recall announcement, Microsoft CEO Satya Nadella emphasised a commitment to prioritising security and announced revisions to the company’s security protocols.
Security experts, however, have continued to raise questions about potential vulnerabilities, with some even developing software like Total Recall to demonstrate the data collection capabilities of Recall.
According to these practitioners, Recall stores data locally in an unencrypted format, posing potential risks if accessed by unauthorised parties. Screenshots taken by the feature are simply saved in a designated folder on the PC.
Microsoft’s decision to disable Recall by default underscores its commitment to addressing security concerns while continuing to innovate in AI integration for its products.
Hacking & Security Concerns
They expressed concern about attackers developing tools that can look for usernames and passwords contained in Recall screenshots.
Microsoft is adding security protections to Recall in addition to requiring people to manually turn it on once Copilot+ PCs become available on June 18. The search index database will be encrypted, Microsoft said.
“Windows Hello enrollment is required to enable Recall,” Davuluri wrote. “In addition, proof of presence is also required to view your timeline and search in Recall.”
With Windows Hello, users prove their identity by entering a PIN number, showing their face to the PC camera or providing a fingerprint.
“I think overall having a choice around opting in on home systems will save a lot of people security problems further down the line,” said former Microsoft cybersecurity analyst Kevin Beaumont,
“It never should have been enabled by default.” he said
Microsoft’s decision to disable the artificial intelligence function on new PCs, following security concerns raised by researchers, marks a proactive step towards safeguarding user privacy and data integrity
