A new Copilot+ feature is being described as a “goldmine” for criminals, after the Information Commissioner’s Office confirmed it is investigating Microsoft’s updated software.
By Mickey Carroll, science and technology reporter
A new Microsoft feature that screenshots users’ laptops every two seconds is being investigated by the Information Commissioner’s Office (ICO).
The Recall feature will be installed on new Microsoft laptops and is part of their artificial intelligence (AI) programme Copilot+.
The feature will record everything a user does by taking screenshots every few seconds. It then allows the user to scroll back through their activity and search.
However, after security concerns were raised around the feature, the ICO said: “We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy.”
Recall is designed to “help you easily find and remember things you’ve seen using natural language”, according to Microsoft, using AI and “photographic memory”.
For example, if a user was shopping online and spotted a nice brown leather bag, days later they could search “brown leather bag” in Recall.
It would then pull up screenshots of the times they were looking at a brown leather bag, and link them to the websites they were on. It would also search through pictures, documents, presentations and files and pull up anything relevant on their laptop.
It may even suggest actions the user would want to take in relation to their search.
However, one cyber security expert described the new feature as a “grab and go” target for criminals.
“With this feature, suddenly endpoints will become a more lucrative target,” said Muhammad Yahya Patel, lead security engineer at Check Point, a cyber security firm.
“It is a one-shot attack for criminals, like a grab and go, but with Recall they will essentially have everything in a single location.”
Microsoft said the files will all be stored locally on users’ laptops and “not accessed by Microsoft or anyone who does not have device access”, which should reduce the risk of hackers accessing the files on a cloud-based system.
However, the files won’t be censored in any way when they’re stored, meaning personal information like visible passwords or visible medical information will be kept in the screenshots.
If the user’s laptop is hacked into, there are concerns extremely sensitive data could become easily accessible.
“Imagine the goldmine of information that will be stored on a machine, and what threat actors can do with it,” said Mr Patel.
Charlie Milton, a vice president at cyber security firm Censornet, said the feature increases the risk of scams by potentially allowing hackers to understand their victims’ lifestyles.
“As a [hacker], the first thing I’ll do is go and look at all the screenshots of what you’ve been doing recently to understand your behaviour,” he said.
“If I’m going to try and make some money from you, the best way to do that is to pretend to be somebody that you’re likely to transfer money to and have been working with in the last 48 hours, and then tell you that my bank account details have changed.
“It would give those malicious actors a really good understanding of user behaviour and recent user behaviour in order for them to influence you. That’s really significant.”
Microsoft told the BBC a would-be hacker would need to gain physical access to a device, unlock it and sign in before they could access saved screenshots.
In a blog post about the new feature, Microsoft also said the user “is always in control” and can “delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point”. They can also stop the feature recording specific apps and websites.