GossiTheDog

GossiTheDog OP , vor 11 Tagen

Still essentially zero detection for GrimResource. PoC that spawns calc: https://gist.github.com/joe-desimone/2b0bbee382c9bdfcac53f2349a379fa4

#threatintel

GossiTheDog OP , vor 11 Tagen

@SwiftOnSecurity essentially. I was looking at VirusTotal just now, apparently .msc misuse has been supercharged for a while now, e.g. I can see red teams using WebDAV paths in icon parameters to get SMB hashes

GossiTheDog , vor einem Monat

@SwiftOnSecurity I have so many questions

GossiTheDog OP , vor einem Monat

Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.

image/jpeg

GossiTheDog OP , vor einem Monat

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser is recorded always, including in private mode - the exception is Hollywood DRM’d videos

GossiTheDog OP , vor einem Monat

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.

GossiTheDog OP , vor einem Monat

And if you didn’t believe me.. found this on TikTok.

There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”

They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.

video/mp4

GossiTheDog OP , vor einem Monat

I ponder if Microsoft's engineers are following the SQLite code of ethics, since they're using it in Windows OS with Copilot+ Recall? :D https://sqlite.org/codeofethics.html

GossiTheDog OP , vor einem Monat

So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.

Apps themselves can also search and make themselves more searchable.

It opens a lot of attack surface.

The semantic search element is fun.

They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.

GossiTheDog OP , vor einem Monat

If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..

..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.

And it’s enabled by default.

GossiTheDog OP , vor einem Monat

I’ve managed to get Recall working in full on a non-Copilot+ system, without an NPU. Will accelerate testing.

GossiTheDog OP , vor einem Monat

Copilot+ Recall feature pop quiz:

You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?

Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.

If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.

GossiTheDog OP , vor einem Monat

It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:

It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve.

A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.

Microsoft exists in and is driven by that bubble.

GossiTheDog OP , vor einem Monat

I asked Microsoft Copilot to write a song about Copilot+ Recall.

video/mp4

GossiTheDog OP , vor einem Monat

Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:

GossiTheDog OP , vor einem Monat

Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088

Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.

GossiTheDog OP , vor einem Monat

The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

video/mp4

GossiTheDog OP , vor einem Monat

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

My look at the feature, FAQs from the community etc

https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

GossiTheDog OP , vor einem Monat

this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.

HT @tomwarren

GossiTheDog OP , vor einem Monat

You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

GossiTheDog OP , vor einem Monat

Just in time for Copilot+ Recall!

GossiTheDog OP , vor einem Monat

Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.

Guide from @detective

The devices launch THIS MONTH to customers so I suggest people look at this.

https://github.com/thebookisclosed/AmperageKit

GossiTheDog OP , vor einem Monat

Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd

GossiTheDog OP , vor einem Monat

Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46

GossiTheDog OP , vor einem Monat

Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

Tkn GIF by ROSALÍA

GossiTheDog OP , vor einem Monat

Searching Recall database for passwords with @awakecoding

video/mp4

GossiTheDog OP , vor einem Monat

🫡

GossiTheDog OP , vor einem Monat

If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.

I’ve also found a way to disable the tray icon.

GossiTheDog OP , vor einem Monat

I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.

There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.

image/jpeg
image/jpeg
image/jpeg

GossiTheDog OP , vor einem Monat

It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.

I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.

The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.

GossiTheDog OP , vor einem Monat

Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure

GossiTheDog OP , vor einem Monat

Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.

This may include an attempt to invalidate researcher criticism, we’ll see.

GossiTheDog OP , vor einem Monat

WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall

https://www.wired.com/story/total-recall-windows-recall-ai/

Total Recall software by @xaitax https://github.com/xaitax/TotalRecall

Example search for ‘password’:

🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22

📄 Summary of the extraction is available in the file:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt

GossiTheDog OP , vor einem Monat

I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.

Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.

These videos have tens of millions of views and hundreds of thousands of comments.

I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.

image/jpeg
image/png
image/jpeg

GossiTheDog OP , vor einem Monat

A key element of Recall is Microsoft say only you can access your Recall, it is per user.

ArsTechnica enabled Recall on Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots.

https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/

GossiTheDog OP , vor einem Monat

If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines:

you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.

GossiTheDog OP , vor einem Monat

Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft.

ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs https://www.asus.com/us/news/pnm9tg6qccql6ern/

Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd

GossiTheDog OP , vor einem Monat

Three Copilot+ Recall questions that keep coming up.

Q. Can you alter the Recall history?

A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes.

Q. Are they snapshots, as Microsoft says, or screenshots?

A. They are just screenshots, jpegs.

Q. What is to stop apps on your machine accessing your Recall covertly?
A. Nothing. There is no audit log of access.

GossiTheDog OP , vor einem Monat

.@awakecoding becomes the latest person reverse engineering Microsoft Recall https://x.com/awakecoding/status/1798168395583746216

GossiTheDog OP , vor einem Monat

If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns are, they're continuing to decline comment to every media outlet.

I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving.

Product ships live on devices from Dell, Lenovo etc this month. https://x.com/zacbowden/status/1798221879741931847

GossiTheDog OP , vor 29 Tagen

As @tiraniddo rightly points out, anybody can programmatically reach the Recall database without admin rights. https://infosec.exchange/@tiraniddo/112566044174482506

GossiTheDog OP , vor 29 Tagen

TotalRecall has been updated to exfiltrate Recall database and screenshots without needing admin rights: https://github.com/xaitax/TotalRecall

GossiTheDog OP , vor 29 Tagen

You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.

https://github.com/Pennyw0rth/NetExec/pull/335

GossiTheDog OP , vor 29 Tagen

YouTubers are continuing to have fun with Recall

video/mp4

GossiTheDog OP , vor 28 Tagen

Turns out speaking out works.

Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.

There is obviously going to be devils in the details - potentially big ones.

Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.

https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns