Microsoft’s Recall Feature Is Even More Hackable Than You Thought
Author: Andy Greenberg - Wired
A new discovery that the AI-enabled feature’s historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.”
Since Recall was first announced last month, the cybersecurity world has pointed out that if a hacker can install malicious software to gain a foothold on a target machine with the feature enabled, they can quickly gain access to the user's entire history stored by the function.
In fact, just an hour after speaking to WIRED about Forshaw's finding, Hagenah added the simpler of Forshaw's two techniques to his TotalRecall tool, then confirmed that the trick worked by accessing all the Recall history data stored on another user's machine for which he didn't have administrator access. “So simple and genius,” he wrote in a text to WIRED after testing the technique.
“You cannot convince me that Microsoft's security teams looked at this and said ‘that looks secure,’” says Jake Williams, a former NSA hacker and now the VP of R&D at the cybersecurity consultancy Hunter Strategy, where he says he's been asked by some of the firm's clients to test Recall's security before they add Microsoft devices that use it to their networks. “As it stands now, it’s a security dumpster fire,” Williams says. “This is one of the scariest things I’ve ever seen from an enterprise security standpoint.”
Doug Austin and Prosearch have been covering Recall privacy concerns. It is not surprising that the local Recall database is hackable. Many forensic peers would call that an ‘accessibility feature’ for discovery scenarios. Will savvy plaintiff counsel add language to their demand letters requiring Recall enablement and content preservation for key custodians in scenarios with ongoing behavior issues? This is essentially ephemeral user data. My fabulous eDiscovery Assistant subscription found 103 discovery issue cites and 13 spoliation decisions.