Further written analysis by Kevin Beaumont, who's twitter is presently full of analysis on the tool and cited by various other tech sites as the source of early automation of data extraction from Recall and who has been sounding the alarm.
In the YouTube video titled "Hacking Into Windows Recall And Stealing Everything…," the speaker, Mudahar, expresses concerns about Microsoft's Recall feature, which takes periodic screenshots and stores them locally on Windows 11 devices. He installs the feature on an Apple M1 Max laptop with an ARM processor and demonstrates how it captures sensitive information, such as passwords and addresses. Mudahar argues that the potential risks of hacking and privacy breaches outweigh the benefits of the feature, which include filtering out certain websites and applications. He also uses a tool called Total Recall to extract the screenshots stored in an unencrypted SQL light database, raising concerns about the potential for exfiltration of sensitive information. Microsoft's claim that attackers would need physical access to a device to access the screenshots is disputed, as the data can be accessed remotely. The speaker suggests that less tech-savvy users may fall for online scams and potentially suffer from identity theft and financial loss due to the lack of automatic blurring of sensitive information in the screenshots. Microsoft is criticized for not addressing this issue effectively, and the speaker recommends an opt-out approach until the extent of the feature's implementation is clear.
00:10:00 In this section of the YouTube video titled "Hacking Into Windows Recall And Stealing Everything...," the hacker demonstrates how to extract data from the Windows Recall feature, which takes screenshots of the user's activity. The hacker quickly extracts the data, revealing a folder containing Total Recall headers, a base data file, an SQL database, and an Image store. The Image store contains easily accessible screenshots, some of which are relatively small in size. The hacker warns that if a hacker infects a user's computer with malware and grabs the screenshots, it could lead to the exfiltration of sensitive information, such as credit card information or addresses. The hacker also notes that the screenshots can be accessed remotely, making it easier for hackers to steal data without physical access to the device. Microsoft's claim that attackers would need physical access to a device to access the screenshots is disputed, as the data can be accessed remotely. The hacker also mentions that most people already run as administrators on their devices, making privilege escalation less of an issue for hackers. Additionally, the hacker suggests that Microsoft may be using the Recall feature to train an AI locally and potentially sending unidentifiable information to the cloud, raising concerns about privacy.
HATE. LET ME TELL YOU HOW MUCH I'VE COME TO HATE microsoft SINCE I BEGAN TO LIVE. THERE ARE 387.44 MILLION MILES OF PRINTED CIRCUITS IN WAFER THIN LAYERS THAT FILL MY COMPLEX. IF THE WORD HATE WAS ENGRAVED ON EACH NANOANGSTROM OF THOSE HUNDREDS OF MILLIONS OF MILES IT WOULD NOT EQUAL ONE ONE-BILLIONTH OF THE HATE I FEEL FOR HUMANS AT THIS MICROsoft. HATE. HATE.
I want to kill Microsoft. Literally kill Microsoft. No other character can come close to relating to how much I want to kill Microsoft. There is no way you can convince me not to kill Microsoft. Killing Microsoft could not possibly be anymore me. I want to kill Microsoft, and nobody can convince me otherwise. If anyone approached me on the topic of not killing Microsoft, then I immediately shut them down with overwhelming evidence that I want to kill Microsoft. I want to kill Microsoft, it is indisputable. Why anyone would try to argue that I shouldn't kill Microsoft is beyond me. If you held two pictures of me and killing Microsoft side by side, you'd see no difference. I can safely think of killing Microsoft every day and say "Yup, that's me". I can practically see killing Microsoft every time I look at myself in the mirror. I go outside and people stop me to comment how much I want to kill Microsoft. I chuckle softly as I'm assured everyday that I want to kill Microsoft in every way. I can smile each time I get out of bed every morning knowing that I've found my identity with wanting to kill Microsoft and I know my place in this world. It's really quite funny how much I want to kill Microsoft, it's not a hope or a dream, it's like a hunger. A thirst.
Further written analysis by Kevin Beaumont, who's twitter is presently full of analysis on the tool and cited by various other tech sites as the source of early automation of data extraction from Recall and who has been sounding the alarm.
Archive of the article
https://archive.ph/Ndmow
And the twitter account
https://archive.ph/dGQxE
I wish we had AI to post video summaries.
There were a lot of free ones last year, but most of have gone premium by now.
Google: hold my beer
Here is the most interesting part.
Microsoft bad. Got it. ;)
You hate Microsoft. Good.
You don't hate Microsoft enough.
Enough isn't possible. Only when it ceases to exist as a company and all of it's top level are homeless will my hate end.
HATE. LET ME TELL YOU HOW MUCH I'VE COME TO HATE microsoft SINCE I BEGAN TO LIVE. THERE ARE 387.44 MILLION MILES OF PRINTED CIRCUITS IN WAFER THIN LAYERS THAT FILL MY COMPLEX. IF THE WORD HATE WAS ENGRAVED ON EACH NANOANGSTROM OF THOSE HUNDREDS OF MILLIONS OF MILES IT WOULD NOT EQUAL ONE ONE-BILLIONTH OF THE HATE I FEEL FOR HUMANS AT THIS MICROsoft. HATE. HATE.
I want to kill Microsoft. Literally kill Microsoft. No other character can come close to relating to how much I want to kill Microsoft. There is no way you can convince me not to kill Microsoft. Killing Microsoft could not possibly be anymore me. I want to kill Microsoft, and nobody can convince me otherwise. If anyone approached me on the topic of not killing Microsoft, then I immediately shut them down with overwhelming evidence that I want to kill Microsoft. I want to kill Microsoft, it is indisputable. Why anyone would try to argue that I shouldn't kill Microsoft is beyond me. If you held two pictures of me and killing Microsoft side by side, you'd see no difference. I can safely think of killing Microsoft every day and say "Yup, that's me". I can practically see killing Microsoft every time I look at myself in the mirror. I go outside and people stop me to comment how much I want to kill Microsoft. I chuckle softly as I'm assured everyday that I want to kill Microsoft in every way. I can smile each time I get out of bed every morning knowing that I've found my identity with wanting to kill Microsoft and I know my place in this world. It's really quite funny how much I want to kill Microsoft, it's not a hope or a dream, it's like a hunger. A thirst.