
Researchers Show How Malware Could Steal Windows Recall Data

Cybersecurity researchers are demonstrating how malware could steal data collected by the new Windows Recall feature. The post Researchers Show How Malware Could Steal Windows Recall Data appeared first on SecurityWeek.


Several cybersecurity researchers have demonstrated how malware could steal data collected by Microsoft’s recently introduced Recall feature.

Recall, an on-by-default feature of new Copilot+ PCs, enables Windows users to easily find something they know they have seen before on their PC. 

The Recall feature takes screenshots at regular intervals to capture the user’s activities. All the data is stored and processed locally, which Microsoft was hoping would ease potential privacy concerns. 

However, cybersecurity and privacy experts immediately raised concerns, citing among other things the possibility that the screenshots contain highly sensitive information such as passwords and financial data, as well as the feature’s intrusiveness.

Microsoft told reporters that a threat actor would need physical access and valid credentials to a machine to obtain the collected data, but researchers have started demonstrating that the claim is false.

Researcher Marc-André Moreau showed how a remote desktop manager password collected by Recall can easily be recovered from a local unencrypted SQLite database, making it easy for information-stealing malware to obtain. 

Another cybersecurity expert, Alexander Hagenah, has made available an open source tool, named TotalRecall, that can easily extract and display data from the Recall database. 

“It’s a bit disappointing to see such a powerful feature not taking security more seriously. I hope Microsoft will address this before the official release,” Hagenah said.

Researcher Kevin Beaumont has taken a close look at Recall’s security and warned that threat actors could modify infostealers to grab data from the new Windows feature.

Beaumont said the data collected by Recall is efficiently compressed, with several days’ worth of data needing less than 100 Kb of storage.

The researcher claims he has conducted tests using off-the-shelf infostealer malware, which managed to exfiltrate Recall data before it was detected by Microsoft Defender for Endpoint.

Recall is currently in preview and Microsoft can still make changes to it before it becomes generally available. 

SecurityWeek has reached out to Microsoft for comment and will update this article if the tech giant responds.
