In this week’s update, we will be looking at privacy and security concerns revolving around Microsoft’s upcoming Recall AI, as well as a new activity from known spyware, LightSpy, targeting Apple iOS devices.

Security and privacy worries over Microsoft’s Recall AI

Microsoft has delayed the release of its AI tool, Recall, once more, prioritizing security concerns. Recall, integrated into Microsoft’s Copilot+ AI Assistant, allows users to retrieve “snapshots” of past PC activities—such as viewing websites or documents—through searchable history. While the feature offers convenience, security experts worry it could be exploited by cybercriminals if not adequately protected.

Responding to these concerns, Microsoft has reinforced Recall’s security, stating that the tool uses encryption, requires user opt-in, and stores data in a secure enclave, inaccessible even by high-level system accounts without biometric verification. They also state that Recall excludes sensitive information, like credit card numbers, from storage and allows users to delete data selectively. With all that said, the latest release has been postponed until December to implement additional protections.

Meanwhile, it has been observed that Microsoft may be watching the security responses to a similar feature in Anthropic’s Claude AI, which also captures computer snapshots.

Critics also highlight inherent privacy risks in tools like Recall. Suggesting Microsoft’s data collection could serve AI training rather than purely user convenience. All in all, experts recommend caution until Recall’s protections are fully verified.

Microsoft Recall concerns TL;DR

Microsoft has postponed the release of its AI tool, Recall, to address security concerns and privacy issues. Privacy experts suggest Microsoft may be taking cues from Anthropic’s similar feature in Claude AI. Concerns linger that Recall’s data collection could support AI training, with experts advising caution until protections are confirmed.

New spyware targeting iOS has destructive capabilities

Cybersecurity researchers have identified an enhanced version of the LightSpy spyware targeting Apple iOS devices. This updated variant expands its surveillance capabilities and introduces destructive features that can render infected devices inoperable.

The spyware is delivered through a WebKit exploit, exploiting a memory corruption vulnerability (CVE-2020-3837) to install itself. Once active, LightSpy’s modular architecture allows it to capture a wide array of sensitive information, including Wi-Fi details, screenshots, location data, iCloud Keychain contents, and communications from apps like WhatsApp and WeChat.

The latest version has increased its plugins to 28, some of which can delete media files, SMS messages, and contacts. The spyware can even prevent the device from booting. The exact method of distribution remains unclear, though it’s suspected to involve watering hole attacks. Evidence suggests the operators may be based in China, as the spyware recalculates location coordinates using a system exclusive to the country.

New LightSpy attack focus TL;DR

A new, advanced version of LightSpy spyware targets iOS devices via a WebKit exploit. This enables extensive data theft and potential device disablement. It collects sensitive info like location and app data and can even delete files or prevent the device from booting. The spyware shows the importance of regular device updates to protect against such threats.

Keep confidential data safe

These stories highlight the rapid growth of technology—both commercial and malicious—and the confidentiality challenges that come with it. It’s crucial that organizations know where their data is stored and to understand who or what has access to it.

For guidance on securing confidential data at the endpoint, reach out to us! Learn how ThinScale can help safeguard sensitive information in corporate environments, traditional offices, and even BYOD-based remote work setups.