The data stored by Windows Recall may now be extracted over the Internet. There is a new module for the NetExec – The Network Execution Tool for Kali Linux. This may be used to get data from Windows Recall and access it on your Kali Linux machine.
This requires an SMB username and password for the remote machine, but this can easily access the data.
NetExec: https://github.com/Pennyw0rth/NetExec.
NeExec Recall module: https://github.com/Pennyw0rth/NetExec/pull/335.
Give this a try on a local LAN and see how you go with this. This shows that the SQLite database is not encrypted and may be accessed by any other user with Admin access.
However, the new management of Microsoft is embracing AI and leaving security behind. This is a far cry from the company’s state in 2014 or so.
Since this cat is bagless – you don’t need admin rights to steal the Recall database. https://t.co/v3J4w3ZxKA pic.twitter.com/NXaPX1gLNz
— Kevin Beaumont (@GossiTheDog) June 6, 2024
This is what the sample data from Windows Recall looks like. This is a sample web browsing session, this is all the data saved. URLs and text saved by OCR from web pages.
But Microsoft is winding back the functions of Recall. It will be opt-in and changed to be less invasive? Hopefully. The backlash is well deserved.
Today on the Microsoft blog the Vice President of Windows and Devices, Pavan Davuluri, released new information & updates on Microsoft Recall citing that they 'have heard feedback' on Microsoft Recall and have decided to make some changes to how it operates.
— vx-underground (@vxunderground) June 7, 2024
– You can now choose…