In the YouTube video titled "Hacking Into Windows Recall And Stealing Everything…," the speaker, Mudahar, expresses concerns about Microsoft's Recall feature, which takes periodic screenshots and stores them locally on Windows 11 devices. He installs the feature on an Apple M1 Max laptop with an ARM processor and demonstrates how it captures sensitive information, such as passwords and addresses. Mudahar argues that the potential risks of hacking and privacy breaches outweigh the benefits of the feature, which include filtering out certain websites and applications. He also uses a tool called Total Recall to extract the screenshots stored in an unencrypted SQLite database, raising concerns about the potential for exfiltration of sensitive information. Microsoft's claim that attackers would need physical access to a device to access the screenshots is disputed, as the data can be accessed remotely. The speaker suggests that less tech-savvy users may fall for online scams and potentially suffer from identity theft and financial loss due to the lack of automatic blurring of sensitive information in the screenshots. Microsoft is criticized for not addressing this issue effectively, and the speaker recommends an opt-out approach until the extent of the feature's implementation is clear.
00:10:00 In this section of the YouTube video titled "Hacking Into Windows Recall And Stealing Everything...," the hacker demonstrates how to extract data from the Windows Recall feature, which takes screenshots of the user's activity. The hacker quickly extracts the data, revealing a folder containing Total Recall headers, a base data file, an SQL database, and an Image store. The Image store contains easily accessible screenshots, some of which are relatively small in size. The hacker warns that if a hacker infects a user's computer with malware and grabs the screenshots, it could lead to the exfiltration of sensitive information, such as credit card information or addresses. The hacker also notes that the screenshots can be accessed remotely, making it easier for hackers to steal data without physical access to the device. Microsoft's claim that attackers would need physical access to a device to access the screenshots is disputed, as the data can be accessed remotely. The hacker also mentions that most people already run as administrators on their devices, making privilege escalation less of an issue for hackers. Additionally, the hacker suggests that Microsoft may be using the Recall feature to train an AI locally and potentially sending unidentifiable information to the cloud, raising concerns about privacy.
I wish we had AI to post video summaries.
There were a lot of free ones last year, but most of them have gone premium by now.
Google: hold my beer
Here is the most interesting part.