Microsoft has announced changes to its recently unveiled AI product, Recall, following criticism from security researchers. Recall was designed to create a searchable log of past activity by taking screenshots of users’ screens.
A month after Microsoft's CEO proclaimed that it would be "prioritizing security above all else", how did Recall happen? We discuss in our latest @DecipherSec podcast.https://t.co/eC15lJMbGZ
— Lindsey O'Donnell Welch (@LindseyOD123) June 10, 2024
CEO Satya Nadella referred to it as “photographic memory” that could “recreate moments from the past” using the company’s AI models.
However, security experts raised concerns that captured screenshots would contain sensitive information, including usernames and passwords.
We break down the Microsoft "recall" of Recall (background here: https://t.co/pv3rNIFiyS) in the latest @DecipherSec podcast:https://t.co/5fLqrMJgol
— Lindsey O'Donnell Welch (@LindseyOD123) June 10, 2024
Kevin Beaumont, a prominent figure in the cybersecurity community, criticized the initiative, calling it “the dumbest cybersecurity move in a decade.” Alex Hagenah, a researcher with SIX Group AG, developed a tool that could copy the Recall database and parse it for sensitive details. In response, Microsoft announced significant changes to Recall.
I was asked for an interview 🎙️ about my research on Recall by @DarkReading today, here's the article! 👇 https://t.co/D452yjtlPi
— Marc-André Moreau (@awakecoding) June 10, 2024
These include making it an opt-in feature, requiring biometric enrollment to enable it, and enhancing the encryption of the database. Pavan Davuluri, Microsoft’s corporate vice president of Windows and devices, emphasized the company’s commitment to improving privacy and security safeguards.
Microsoft recall security improvements
The changes come after a series of high-profile breaches attributed to state-aligned hackers. A report from the U.S. Cyber Safety Review Board criticized Microsoft for fostering a corporate culture that devalued security. This led CEO Nadella to order employees to prioritize security in product development.
Despite these pledges, security experts remain skeptical. Beaumont noted that the details of how these changes are implemented will be crucial. He suggested that security researchers conduct a thorough review of Microsoft’s enhanced security claims.
The controversy highlights the challenges tech companies face in balancing innovation with privacy concerns as they integrate AI into their products. Microsoft’s decision to limit the rollout of Recall underscores the need to prioritize user trust and security.
Johannah Lopez is a versatile professional who seamlessly navigates two worlds. By day, she excels as a SaaS freelance writer, crafting informative and persuasive content for tech companies. By night, she showcases her vibrant personality and customer service skills as a part-time bartender. Johannah's ability to blend her writing expertise with her social finesse makes her a well-rounded and engaging storyteller in any setting.
