@buherator yeah I don't want to outright say recall data can or cannot be accessed without admin rights unless someone can find definitive evidence. TotalRecall doesn't properly answer that question in their FAQ.
@buherator yeah I'm viewing this from an attacker's perspective. If an infostealer were to grab that data, can it be decoded? Could there be some loophole allowing read access to another person's? If TotalRecall required admin rights, could the attacker just BYOVD or use some other LPE/EoP vulnerability to run it?
@buherator @screaminggoat
It's hard to imagine any feature that would allow Recall to be usable for the end user, but not usable by malware on said end user's system.
@wdormann @buherator Bear with me: What if Microsoft adds an end-user license agreement (EULA) that specifically forbids an attacker's use of malware on said end user's system? Thus making hacking illegal; Boom, world peace solved.
@buherator @wdormann @screaminggoat That would still be pure cosmetics! I don’t see how they could prevent extraction of data without a dedicated hardware component for Recall data storage and processing, which would likely be too expensive for the PC market 🤷
@buherator @gossithedog hah I forgot about that blog post, probably where I came to the conclusion about it being to prevent enumeration :)
@buherator @screaminggoat
FTR, as TotalRecall is currently designed, you need to have admin privs even to access YOUR OWN Recall data.
But that's a limitation in how TotalRecall is currently implemented, as opposed to an aspect of Recall itself.
You do NOT need admin privs to access your own Recall directory contents. Just an appropriate token, which you can grab from another medium-IL process that's running in your session.
I've not seen evidence that you can access another user's Recall data without admin privs.
@buherator @screaminggoat
Or, as @tiraniddo has mentioned, just set the ACL on the special "restricted" directory. You own it after all.
@buherator @screaminggoat @tiraniddo @arstechnica
Regarding "Beaumont says admin access to the system isn’t required to read another user’s Recall database" part?
I don't believe that @GossiTheDog ever said such a thing. (I've seen no evidence that it's true).
I suspect this is an outcome of having played the telephone game.
@wdormann @buherator @screaminggoat @tiraniddo @arstechnica @GossiTheDog That’s definitely what he seems to be saying here, in his Medium Q&A post, though he didn’t go into detail (yet). Happy to publish an update if I’ve misunderstood what he was saying here, though. https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
@wdormann @buherator @screaminggoat @tiraniddo @arstechnica @GossiTheDog
Will, what am I missing?
@dangoodin @wdormann @buherator @screaminggoat @arstechnica @GossiTheDog I think Microsoft implies you needed admin to read your own database files so it's "secure", but that's clearly not true. I also don't think Kevin was saying you could do it cross user as that's a much more serious problem.
@andrew_writes @buherator @screaminggoat @tiraniddo @arstechnica @GossiTheDog
You don't need to be an admin to read YOUR OWN database.
@wdormann @buherator @screaminggoat @tiraniddo @arstechnica that answer is in between two other answers about UAC not being a security feature and accessing someone else’s database from another account on the same PC, so the implication seemed clear to me, but if @GossiTheDog can clarify then obviously I’ll change it
@GossiTheDog @wdormann @buherator @screaminggoat @tiraniddo @arstechnica tl;dr can non-admin accounts access the Recall database of another user on the same PC?
@GossiTheDog @andrew_writes @buherator @screaminggoat @tiraniddo @arstechnica
You probably don't. 😂
Things you said got telephone gamed.
@andrew_writes @GossiTheDog @buherator @screaminggoat @tiraniddo @arstechnica
No. Unless you're SYSTEM or an Admin, you won't be able to read another user's Recall database.
@wdormann @GossiTheDog @buherator @screaminggoat @tiraniddo @arstechnica this is what I would normally assume of things in those system folders! But @GossiTheDog implied there were things he was holding back to give MS some time to respond/rework (they’ve done neither, at least not to me) so I may have read more into the post than was intended
@buherator @wdormann @screaminggoat @tiraniddo @arstechnica @GossiTheDog can confirm based on my own testing with Recall as it exists on a Windows Dev Kit 2023 that an admin *can* access another user’s recall data on the same PC by clicking through UAC prompts. And a non-admin can see THEIR OWN recall data. Only thing to clarify (at least for my purposes) is whether a non-admin user can see another user’s data somehow
@GossiTheDog @wdormann @buherator @screaminggoat @tiraniddo @arstechnica looking forward to it! Thanks all.