A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.”
Man, during my apprenticeship, I spent a month in the offensive security department, so white-hat hackers. My most memorable experience there was us scrolling through a WireShark log of a server (which a user had conveniently placed into a web-hosted folder, so our automated scanners could pick up on it).
Then we found an unencrypted FTP connection in there, which meant the password got logged in plain text and then we tried the same password for SSH. In roundabout 10 minutes, we had root access. On a real-world system.
And yeah, watching him scroll through those Recall logs, that felt eerily similar. Like you just need the right Ctrl+F, the right screenshot or any clue that they’re using some insecure technology which you can exploit. If you can extract those logs, it’s likely just a matter of time until you find something.
Also have a look at this video demonstration Hacking Windows Recall To See Everything (by Mental Outlaw).
Man, during my apprenticeship, I spent a month in the offensive security department, so white-hat hackers. My most memorable experience there was us scrolling through a WireShark log of a server (which a user had conveniently placed into a web-hosted folder, so our automated scanners could pick up on it).
Then we found an unencrypted FTP connection in there, which meant the password got logged in plain text and then we tried the same password for SSH. In roundabout 10 minutes, we had root access. On a real-world system.
And yeah, watching him scroll through those Recall logs, that felt eerily similar. Like you just need the right Ctrl+F, the right screenshot or any clue that they’re using some insecure technology which you can exploit. If you can extract those logs, it’s likely just a matter of time until you find something.