Windows 11's New Recall Feature Has Been Cracked To Run On Unsupported Hardware (theverge.com) 53
Last than two weeks after it was announced, "Windows enthusiasts have managed to crack Microsoft's flagship AI-powered Recall feature to run on unsupported hardware," reports The Verge. From the report: Recall leverages local AI models on new Copilot Plus PCs to run in the background and take snapshots of anything you've done or seen on your PC. You then get a timeline you can scrub through and the ability to search for photos, documents, conversations, or anything else on your PC. Microsoft positioned Recall as needing the very latest neural processing units (NPU) on new PCs, but you can actually get it running on older Arm-powered hardware.
Windows watcher Albacore has created a tool called Amperage, which enables Recall on devices that have an older Qualcomm Snapdragon chip, Microsoft's SQ processors, or an Ampere chipset. You need to have the latest Windows 11 24H2 update installed on one of these Windows on Arm devices, and then the tool will unlock and enable Recall. [...] You can technically unlock Recall on x86 devices, but the app won't do much until Microsoft publishes the x64 AI components required to get it up and running. Rumors suggest both AMD and Intel are close to announcing Copilot Plus PCs, so Microsoft's AI components for those machines may well appear soon. I managed to get Recall running on an x64 Windows 11 virtual machine earlier today just to test out the initial first-run experience.
Windows watcher Albacore has created a tool called Amperage, which enables Recall on devices that have an older Qualcomm Snapdragon chip, Microsoft's SQ processors, or an Ampere chipset. You need to have the latest Windows 11 24H2 update installed on one of these Windows on Arm devices, and then the tool will unlock and enable Recall. [...] You can technically unlock Recall on x86 devices, but the app won't do much until Microsoft publishes the x64 AI components required to get it up and running. Rumors suggest both AMD and Intel are close to announcing Copilot Plus PCs, so Microsoft's AI components for those machines may well appear soon. I managed to get Recall running on an x64 Windows 11 virtual machine earlier today just to test out the initial first-run experience.
lolwut (Score:4, Insightful)
There was such a demand for this feature that it was hacked into existence?
Re:lolwut (Score:5, Insightful)
Isn't that a lot of hacking though? It's not about the outcome, it's just being able to show it can done.
"Company says you can't do this" especially Microsoft and especially on Windows I feel like is just asking for attention.
Not Always (Score:3)
Isn't that a lot of hacking though? It's not about the outcome, it's just being able to show it can done.
I think most people would be far more impressed by hacking it out of existence on hardware where it is forced to run.
Contractual "Certificate of Destruction" (Score:2)
Many computer contracts, defense contracts, health insurance contracts require that the IT people involved certify that no customer data was retained and all copies of it have been destroyed.
How can you certify that a screen capture every 3 seconds is destroyed?
How can you certify that the metrics collected from a screen capture is destroyed?
Being stored locally is not a solution, the company does not want a record of each and everything that takes place in the workforce for legal reasons.
Re:lolwut (Score:5, Insightful)
That it was so quickly hacked to run on unsupported hardware certainly highlights how secure this feature is, and what a security risk it is in concept.
Leave screen recorders to separate products to be proactively installed and used in the specific environments when needed. Not just "there in everyone's PC" by default.
Re: (Score:2)
You'll never make it secure enough to dodge law enforcement. If you can access such info, a judge with your password can, too.
And criminals are no slouches penetrating Windows systems, either.
note to self: must rewrite this old joke: (Score:2)
That it was so quickly hacked to run on unsupported hardware certainly highlights how secure this feature is, and what a security risk it is in concept.
Microsoft Outlook (LookOut!) is a massive security risk that doubles as an email client.
Free bonus joke:
Q: How many Microsoft engineers does it take to change a light bulb?
A: None. Microsoft can declare darkness to be the new standard.
Re:lolwut (Score:4, Informative)
"But I don't see how the fact that some people got the feature to run on unsupported hardware is proof that it's insecure"
The crack shows that the restriction was enforced by the access control mechanism, not an technical inability to run. The access control mechanism in this case should net even have an interface to enable the feature after installation, yet was easily overcome. The interface for the user to enable the feature on supported hardware is intentional thus even in the worst case is no harder to overcome, since you can just use the same mechanism as for evading the unsupported hardware check, and is likely even easier.
Re: (Score:3)
So to get thing straight, someone cracking a windows component that requires administrator privileges on the target machine to execute shows that the windows component is a huge risk because that component can potentially access screenshot data?
I feel like you overlocked Step 1 when judging what the biggest security flaw here was. Hint: If you let someone crack anything on your computer, you've already lost, it doesn't matter if it's Notepad.exe or the Freakout-Du-Jour Recall.
Re: (Score:2)
So you just compared getting Linux to run on unsupported hardware to getting a piece of software(recall) to work inside another piece of software (windows). That's hardly an Apples to Apples comparison.
Getting Linux to run on say, a PS3, shows the PS3 wasn't secure against running alternative operating systems. Getting beta software (recall) running on old hardware shows how insecure this software was implemented within Windows 11, considering this is suppose to be one of the ways future hardware vendors in
Nepomuk (Score:3)
Re: (Score:2)
There was such a demand for this feature that it was hacked into existence?
More likely it was just someone using it to call out Microsoft's marketing bullshit. A lot of features suddenly found themselves requiring NPUs which worked just fine in Windows Dev/Canary channels without them (DirectSR being another such feature). If it takes a hack to call out Microsoft's marketing lies, then I'm all for it.
No one needs to run this.
Just because you can do something (Score:5, Insightful)
doesn't mean you should.
Re:Just because you can do something (Score:5, Insightful)
doesn't mean you should.
Someone should have told Microsoft that when it thought up this Recall "feature".
I fully expect that, a year or so from now, we're gonna be learning what a security nightmare this new "feature" has become.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Why stop there! We need to ban that filth "Linux" stuff for personal computers and insist ALL personal and desktop/laptop computers run this software. For your own good. Think of the children!
Re: (Score:2)
Someone did and is in the process of clearing out of Redmond. 401k and stock intact, but MSFT career over.
I've watched and experienced this.
Re: (Score:2)
Re: Just because you can do something (Score:2)
Don't you mean, now they're disabled by default because nobody likes them?
Re: (Score:2)
Re: (Score:2)
Just stop running Windows on bare metal. Keep it contained inside of a VM and then make sure that VM is properly locked down at the network level to only communicate with trusted sources.
Or just stop running Windows period. Probably easier.
Re: (Score:2)
Re: (Score:2)
the most important hack since the "post my social security number and credit cards on the dark web for me" app!
weaponizing stupidity (Score:4, Funny)
Why, no.. not recently anyways... why do you ask?
Re: (Score:2)
There used to be "boss buttons" on some video games so if you were playing them at work and the boss came in you could pop up a fake spreadsheet to look industrious.
So Windows sufferers need the equivalent that loads a "safe" image into Recall instead of what's really on the desktop.
It would be even better if the image was something that would corrupt the AI snooper that is riffling through the images in search of marketable information.
Seems in character. (Score:5, Interesting)
Can you crack it to NOT run on supported hardware? (Score:5, Funny)
Asking for someone who isn't affected by this.
Requires the latest NPUs? (Score:3)
Really? So you can't run it using a CUDA/ROCm compatible graphics card, like say, every modern deep learning desktop box?
Derp.
Re: (Score:2)
Or it's just lame marketing talk and doesn't use serious compute in any way.
Re:Requires the latest NPUs? (Score:4, Informative)
Really? So you can't run it using a CUDA/ROCm compatible graphics card, like say, every modern deep learning desktop box?
Do you understand that those are just languages right? Not every CUDA program runs on every CUDA compatible card. Specifically a lot of actual deep learning stuff is done using libraries which require tensor cores limiting you to RTX series graphics cards or more likely V/B/H100 series hardware.
We are currently in the AI equivalent of graphic accelerators from 1998. A time where games were written to support both video accelerators (equivalent to NPUs) or software rasterising fallbacks (equivalent of throwing normal GPU cores at the problem). No I'm not going to even entertain the idea of running AI workloads on a CPU.
A lot of consumer AI software will target AI specific hardware and fallback to something slow and painful if it's not there. Kind of like how Topaz AI runs acceptably on an RTX2060, but like absolute rubbish on a GTX1080Ti despite the latter being objectively much faster at everything a GPU normally does.
That said... this has nothing to do with hardware. There's several features that work just fine without AI hardware that Microsoft has seemingly locked to the Snapdragon X under the guise of needing a neural processor just so they can try and sell more Surface laptops, e.g. their DirectSR system which "needs" the NPU but in reality was working just fine on normal hardware in the Canary/Dev Windows builds.
Re: (Score:2)
Well obviously that's not true for Windows Recall, otherwise it wouldn't of been cracked within a week to run on unsupported hardware. It appears that it ran just fine on older hardware and their is actually zero reason to buy new hardware to run this "feature".
Re: (Score:2)
Well obviously that's not true for Windows Recall, otherwise it wouldn't of been cracked within a week to run on unsupported hardware. It appears that it ran just fine on older hardware and their is actually zero reason to buy new hardware to run this "feature".
I didn't say it was, I only called out the lack of understanding of the OP about what CUDA is and means. Incidentally this surprised no one, and if you go back to the original story about Recall you'll notice my posts saying that this is a marketing restriction only and to expect Recall to be released on other archiectures as soon as Microsoft realised it's not helping sell Surface Laptops.
I also mentioned the same thing in another story: DirectSR - the AI resampler from Microsoft which is also "restricted
Re: (Score:2)
Really? So you can't run it using a CUDA/ROCm compatible graphics card, like say, every modern deep learning desktop box?
People do deep learning with ROCm? News to me (yes this is like 1% hyperbole, 99% true).
Why would you even!? (Score:5, Insightful)
This is like 'We Had a Form of Cancer That Only Metastasized in 1% of the Population But With This One Weird Trick We Figured Out How to Make it Terminal in 90% of the Population!'
Windows Recall is absolute cancer, a complete privacy and security nightmare, and it not running on most CPUs is the only thing good about it.
Re: (Score:1)
Re: (Score:2)
Security: It's encrypted on your machine. You are in charge of security. ... Okay ... okay I concede there are people out there stupid enough to not trust Microsoft and still run Windows, but for them, they are already running uncontrolled code from a company they don't trust, so Recall is the least of their problems.
Privacy: It's a Microsoft program. You either trust them (not a privacy problem), or you don't run windows (not a privacy problem).
Recall is the "freakout-du-jour" for Microsoft. People who can
Re: (Score:2)
It's common, isn't it?
I don't trust Microsoft, and *I* run from windows . . .
Re: (Score:2)
The actuality is worse than I even imagined in my 'wow this could be bad' thinking. The OCRed text from all your screenshots is stored in a plaintext SQLite Database, so anyone who gets access to your machine (say running a dataslurper trojan) now immediately has everything you've ever done. And that's just the start. https://arstechnica.com/ai/202... [arstechnica.com]
Basically, you're a complete dumbass if you use this as it is. They jammed it in with zero concern for security just to get more 'AI!' out there.
Misread as âoeto run unsolicited malwareâ (Score:2)
Why do snapshots need AI? (Score:2, Insightful)
Full disclosure: I can't be a***d to play with Copilot.
Various filesystems offered snapshots and roll-back facilities long before AI. I can't see what's the benefit here. I could see a gain in searching backups, but even there I find existing tools more than adequate.
Re: (Score:2)
Recall isn't a snapshot and rollback facility. What Recall does:
1. Grab a screenshot every 5 seconds.
2. Feed the screenshots to its AI.
3. ????
4. Profit!
Retrace your steps with Recall [microsoft.com]
why? (Score:1)
Can someone explain to me why someone would actually want this level of spyware on their PC?
Re: (Score:2)
On many occasions I'm trying to help someone fix something over the phone. Usually it's something I could do in 30 seconds if I could only see their screen (hence remote desktop being so useful). But with AI and Recall, maybe Windows could itself tell the user how to do something by watching what they are doing on the screen. So might be a good thing for self technical support.
But that's the only thing I could see that useful for.
Why (Score:2)
In my decades of computing, I have not for once needed something like recall. The so-called AI features most often have the best practical use cases in accessibility, which is an awesome development. In the coming decades, the aged population will be huge. MS is already living in the demented future.
Windows Crappiness Gaining Speed (Score:2)
Interesting choice... (Score:2)
Not sure why anyone would expend the effort for that particular feature. And I use Windows daily and there's a lot I like about Windows 11, but I am accepting that there will be this wave about putting Cortana 2.0, err, CoPilot in everything until this LLM craze flattens out.
Not that I mind smarter tools. It would be nice if I could type "Hey, I need to get milk when I am at the store" at, say, Cortana Redux and a polite notification would pop up when I am in a grocery store.
I know, privacy and all that, bu
"Windows enthusiasts"? (Score:2)