Microsoft’s Recall

dada_dave · Jun 3, 2024

As @Nycturne said in the AI thread this topic could derail the AI thread as it has so many different paths so I thought I’d create a new thread specifically about it:

Recall: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible.

Photographic memory comes to Windows, and is the biggest security setback in a decade.

doublepulsar.com

The overwhelmingly negative reaction has probably taken Microsoft leadership by surprise. For almost everybody else, it won’t have. This was like watching Microsoft become an Apple Mac marketing department.

Ouch.

And an earlier post by longhorn:

Recall: random notes about the security model – random blog

casperes1996 · Jun 3, 2024

But at the same time it’s not like windows has historically tried that hard to isolate process from each other anyway and at leash it used to be fairly trivial to read memory from another process

dada_dave · Jun 4, 2024

casperes1996 said:
But at the same time it’s not like windows has historically tried that hard to isolate process from each other anyway and at leash it used to be fairly trivial to read memory from another process

Absolutely, but I think the key point is here:

But if a hacker gains access to run code on your PC, it’s already game over!

A. If you run something like an info stealer, at present they will automatically scrape things like credential stores. At scale, hackers scrape rather than touch every victim (because there are so many) and resell them in online marketplaces.

Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds.

During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone.

It’s the ease with which hackers are able to scape all this data that’s the issue. Sure more complicated methods can get often get the same info but now everything is all packaged neatly up for them. Nice little bow and all.

Nycturne · Jun 4, 2024

Yes. The approach taken with Windows’ security model of “If they get user level permissions, oh well, sorry” is depressing. I know folks scoff at Apple’s seemingly arbitrary approaches to security, but at least Apple seems to get that we’re in a world today where local apps shouldn’t be run in trusted contexts. It’s pretty reasonable to expect modern apps on macOS to be fully sandboxed and not be able to see or touch anything outside it’s container without user interaction. It’s not perfect coverage, because it’s still possible to ship apps without it enabled which is where you get your trojans, but it helps.

And to top it off, UAC bypasses are still very much a thing. Windows keeps riding that line between “this legacy thing shouldn’t be too noisy, so it won’t notify about elevation”, and “we wouldn’t want you to mistakenly install that weird thing you just downloaded”.

But yes, fundamentally my issues with Recall boil down to these things:

1) It creates a central repository of screen captures and annotations generated from those captures using ML models. Very tasty target that persists long enough to be at least as valuable as scraping your browser cache. This may be the new top target for scraping as it rolls out to users.
2) Microsoft’s behavior around Windows of late is user ambivalent at best, and getting quite hostile on average. Expecting good behavior 3-5 years from now is a stretch, IMO. At some point, I wouldn’t be surprised if engineering gets asked to find a way to train the ML on the user data to improve the features because of XYZ reason, creating more concerns in the process.
3) Microsoft talks about security, but then trips over itself trying to explain all the caveats around the type of data this captures which could be problematic (and which makes it an even more tempting target), on top of the general security issues Windows already has baked in.

That said, I think how Edge might be blocking screen captures when using a private tab is by marking the private tab as “DRM’d” somehow (i.e. marking the content as requiring HDCP). I wonder if other browsers can do the same? Maybe apps in general can sabotage the feature?

casperes1996 · Jun 5, 2024

Nycturne said:
That said, I think how Edge might be blocking screen captures when using a private tab is by marking the private tab as “DRM’d” somehow (i.e. marking the content as requiring HDCP). I wonder if other browsers can do the same? Maybe apps in general can sabotage the feature?

If so that would limit the abilities to use specific monitors/cables and screen casting with private Edge tabs.... That'll go down well

Nycturne · Jun 5, 2024

casperes1996 said:
If so that would limit the abilities to use specific monitors/cables and screen casting with private Edge tabs.... That'll go down well

It's a guess. It's either that or some new private API that Edge uses just for private tabs. Seeing as sites that require HDCP also triggers it, it's reasonable to guess that they used the same mechanism for both to save the time of creating the API.

Is HDCP still a big compatibility problem on Windows? About the only place where HDCP even matters to me is on the Apple TV, so I am a bit out of the loop on the landscape there.

casperes1996 · Jun 5, 2024

Nycturne said:
It's a guess. It's either that or some new private API that Edge uses just for private tabs. Seeing as sites that require HDCP also triggers it, it's reasonable to guess that they used the same mechanism for both to save the time of creating the API.

Is HDCP still a big compatibility problem on Windows? About the only place where HDCP even matters to me is on the Apple TV, so I am a bit out of the loop on the landscape there.

It's a good guess. It apparently also works for other Chromium browsers, not sure if they do the same.

It's not that long since I last heard someone complain that Netflix didn't work properly on their PC and it was because of HDCP.

Nycturne · Jun 6, 2024

casperes1996 said:
It's a good guess. It apparently also works for other Chromium browsers, not sure if they do the same.

That makes me think there very well could be another mechanism then, as I can’t find any reference to Incognito mode or the like triggering HDCP. Now I wonder what it actually is.

EDIT: It might actually be the WindowDisplayAffinity setting, since that can be used to prevent screenshots of your window from being taken: https://github.com/akinbicer/screen-capture-protector

casperes1996 said:
It's not that long since I last heard someone complain that Netflix didn't work properly on their PC and it was because of HDCP.

Fair enough. I’m not a fan of it, but it is what it is.

Although with laptops being more popular these days, and the display chain being fully integrated there unless you are hooking up to a TV or the like, things should be less twitchy on the first machines getting this feature.

dada_dave · Jun 8, 2024

A positive step:

Microsoft backtracks on new Recall feature — enhancing Recall's security and making it an opt-in decision

Lock it down, the public said of Recall, and Microsoft listened.

www.tomshardware.com

I mean it’s a little odd that this wasn’t the case from the start, but this is better.

Microsoft’s Recall

dada_dave

Elite Member

Recall: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible.

casperes1996

Site Champ

dada_dave

Elite Member

Nycturne

Elite Member

casperes1996

Site Champ

Nycturne

Elite Member

casperes1996

Site Champ

Nycturne

Elite Member

dada_dave

Elite Member

Microsoft backtracks on new Recall feature — enhancing Recall's security and making it an opt-in decision