The Information Commissioner’s Office (ICO) is investigating a new Microsoft feature that records users’ laptop screens every two seconds.
The recall feature will be installed on the new one Microsoft laptops and is part of their Artificial Intelligence (AI) program Copilot+.
The feature will record everything the user does by taking screenshots every few seconds. It then allows the user to scroll back through their activity and search.
However, after security concerns were raised about the feature, the ICO said: “We are making inquiries with Microsoft to understand safeguards to protect user privacy.”
Recall is designed to “help you more easily find and remember things you’ve seen using natural language,” according to Microsoft, using AI and “photographic memory.”
For example, if a user was shopping online and spotted a nice brown leather bag, days later they could search for “brown leather bag” in the recall.
He would then pull up screenshots of the time they were looking at the brown leather bag and link them to the web pages they were on. It would also search through images, documents, presentations and files and pull up anything relevant on their laptop.
It can even suggest actions the user might want to take related to their search.
However, one cyber security The expert described the new feature as a “grab and go” target for criminals.
“With this feature, endpoints will suddenly become a more lucrative target,” said Muhammad Yahya Patel, lead security engineer at Check Point, a cybersecurity company.
“It’s a one-off attack for criminals, like a grab-and-go, but with Recall they’ll basically have everything in one place.”
Keep up to date with all the latest news from the UK and around the world with Sky News
Tap here
Read more on Sky News:
GCHQ chief says China ‘undermining internet security’
Data stolen from the NHS published on the dark web
Microsoft said all files will be stored locally on users’ laptops and “will not be accessed by Microsoft or anyone who does not have access to the device,” which should reduce the risk of hackers accessing files in a cloud-based system.
However, the files will not be censored in any way when they are stored, meaning that personal information such as visible passwords or visible medical information will be retained in the screenshots.
If the user’s laptop hacked there are concerns that highly sensitive data could become easily accessible.
“Imagine the goldmine of information that will be stored on the machine and what threat actors can do with it,” Mr Patel said.
Charlie Milton, vice president of cybersecurity firm Censornet, said the feature increases the risk of fraud by potentially allowing hackers to understand their victims’ lifestyles.
“As [hacker]the first thing I’m going to do is go and look at all the screenshots of what you’ve been doing recently to understand your behavior,” he said.
“If I’m going to try to make some money off of you, the best way to do it is to pretend you’re someone you’re likely to wire money to and that you’ve worked with in the last 48 hours, and then say my bank account information has changed.
“It would give those malicious actors a really good understanding of user behavior and recent user behavior so they can influence you. That’s really significant.”
Microsoft told the BBC that a would-be hacker would need to gain physical access to the device, unlock it and log in before they could access saved screenshots.
In a blog post about the new feature, Microsoft also said the user is “always in control” and can “delete individual recordings, adjust and delete time ranges in settings, or pause at any time.” They can also stop the recording feature of certain apps and websites.