- cross-posted to:
- [email protected]
- cybersecurity
- cross-posted to:
- [email protected]
- cybersecurity
this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.
this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.
Wait so the malware won’t even need a rootkit first? Damn this is worse than I thought…
the screenshots and text are just sitting in the appdata folder, which requires no special permission to access
Nice 😂 having extra pw manager n stuff in secret encrypted file only temporary handle decrypted PWs in RAM etc. But then, if you accidentally click on the eye, boom screenShot PW saved as pic of clear Text, nice. Also all personal eBanking stuff etc. And of Course, if you stream Netflix, tons of copyright protected material, lol.
Nope, DRM protected content like Netflix is one of the few things it doesn’t capture, it’s even mentioned in Recall’s privacy section. I’ll admit that that’s likely due to technical reasons with how the video stream is decrypted and decoded on the GPU and is never actually accessible to the user, not necessarily because they wouldn’t want to save that as well.
Malware won’t even need to wait for the user to access something sensitive, they can just go back through the user’s Recall history and get the data for immediate exfiltration. No chance for anti-malware software to update and catch it before it does anything truly bad, it will just always be too late if given even a minute.