US News

UK watchdog investigates Microsoft AI feature for use of screenshots


A recent investigation by the Information Commissioner’s Office (ICO) is looking into a new Microsoft feature that takes screenshots of users’ laptops every two seconds.

The Recall feature is set to be included in new Microsoft laptops as part of their artificial intelligence (AI) program Copilot+.

This feature captures everything the user does through screenshots taken at regular intervals, allowing the user to review their activity and conduct searches.

Due to concerns about security implications, the ICO stated: “We are reaching out to Microsoft to understand the measures in place to protect user privacy.”

Recall is designed to assist users in easily recalling and locating previously viewed content by utilizing natural language, AI, and “photographic memory,” according to Microsoft.

For example, if a user came across a brown leather bag while shopping online, they could later search “brown leather bag” in Recall to retrieve screenshots of when they viewed such items and related websites. This feature also scans through various files on the laptop to retrieve relevant information, providing suggestions for user actions based on the search.

Despite the potential benefits, a cyber security expert expressed concerns, describing the feature as an easy target for criminals.

“With this feature, endpoints become a more attractive target for criminals,” stated Muhammad Yahya Patel, a lead security engineer at Check Point, a cyber security firm. “It presents a one-shot attack opportunity for criminals, essentially enabling them to access a comprehensive inventory of information in a single location.”

Follow Sky News on WhatsApp
Follow Sky News on WhatsApp

Stay updated with the latest news from the UK and around the world by following Sky News

Tap here

Explore more from Sky News:
GCHQ boss warns about China’s impact on internet security

NHS data breach leads to publication on dark web

Microsoft reassured that all files are stored solely on users’ laptops and are inaccessible to individuals without direct device access, reducing the risk of unauthorized access by hackers through cloud-based systems.

However, the files are stored without any encryption, potentially exposing sensitive information like passwords or medical details in the screenshots.

If a user’s laptop is compromised, concerns arise about the ease of accessing extremely sensitive data.

“Imagine the wealth of information stored on a machine and the possibilities for threat actors,” highlighted Mr. Patel.

Charlie Milton, a vice president at cyber security firm Censornet, emphasized the heightened risks of scams, as hackers could potentially exploit user behavior by understanding their lifestyles through the feature.

“If I were a hacker, I would start by reviewing all recent screenshots to grasp your activities,” he added. “This deep understanding of user behavior allows malicious actors to manipulate and influence users, posing significant risks.”

Microsoft clarified to the BBC that a potential hacker would need physical access to a device, bypass security measures, and gain access before being able to view saved screenshots.

In a blog post about the feature, Microsoft emphasized user control, stating that users can “delete individual snapshots, adjust or delete time ranges in settings, or pause the feature at any point.” Users also have the option to stop the feature from recording specific apps and websites.



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.