Microsoft AI feature investigated by British watchdog via screenshots

A Microsoft event showcasing the company's AI assistant, Copilot. Pic: AP

A new Microsoft feature that takes a screenshot of users’ laptops every two seconds is being investigated by the Information Commissioner’s Office (ICO).

The Recall feature is installed on new ones Microsoft laptops and is part of their artificial intelligence (AI) program Copilot+.

The feature records everything a user does by taking screenshots every few seconds. The user can then scroll back through his activity and search.

However, after security concerns were raised around the feature, the ICO said: “We are inquiring with Microsoft to understand the security measures in place to protect user privacy.”

Recall is designed to “help you easily find and remember things you’ve seen in natural language,” according to Microsoft, using AI and “photographic memory.”

For example, if a user was shopping online and saw a nice brown leather bag, days later they could search Recall for “brown leather bag.”

It then showed screenshots of the times they looked at a brown leather bag and directed them to the websites they were on. It would also search through images, documents, presentations and files and pull up anything relevant on their laptop.

It can even suggest actions the user would like to take regarding their search query.

However, one cybersecurity One expert described the new feature as a ‘grab and go’ target for criminals.

“With this feature, endpoints will suddenly become a more lucrative target,” said Muhammad Yahya Patel, chief security engineer at Check Point, a cybersecurity company.

“It’s a one-shot attack for criminals, like a grab and go, but with Recall they essentially have everything in one location.”

Follow Sky News on WhatsApp
Follow Sky News on WhatsApp

Stay up to date with the latest news from the UK and around the world by following Sky News

click here

Read more from Sky News:
GCHQ boss says China ‘weakens internet security’

Data stolen from NHS published on dark web

Microsoft said the files will all be stored locally on users’ laptops and “won’t be accessible by Microsoft or anyone who doesn’t have device access,” which should reduce the risk of hackers accessing the files on a cloud-based system.

However, the files are not censored in any way when they are saved, meaning that personal information such as visible passwords or visible medical information is retained in the screenshots.

If the user’s laptop is hacked There are concerns that highly sensitive data could become easily accessible.

“Imagine the gold mine of information stored on a machine and what threat actors can do with it,” Patel said.

Charlie Milton, vice president at cybersecurity firm Censornet, said the feature increases the risk of scams by potentially allowing hackers to understand the lifestyles of their victims.

“Like a [hacker]the first thing I’m going to do is look at all the screenshots of what you’ve done lately to understand your behavior,” he said.

“If I’m going to try to make some money from you, the best way to do it is to pretend to be someone you’re probably going to transfer money to and have been working with for the past 48 hours, and then tell you that my bank account details have changed.

“It would give those malicious actors a really good insight into user behavior and recent user behavior so they can influence you. That’s really important.”

Microsoft told the BBC that a potential hacker would need to gain physical access to a device, unlock it and log in before accessing saved screenshots.

In a blog post about the new feature, Microsoft also said the user is “always in control” and can “delete individual snapshots, adjust and delete time ranges in Settings, or pause at any time.” They can also stop the recording feature for specific apps and websites.

Leave a Reply

Your email address will not be published. Required fields are marked *