Is Microsoft intentionally making this exploitable? I knew it was only a matter of time before Recall would be compromised, but this shows they aren't even trying to secure it.
The opposite extreme is also worrisome: Imagine if they tried to make it totally opaque and impossible to read even by the user generating the data--that'd be a different kind of Messed Up.
P.S.: I'm sympathetic to the concept that "whole-disk encryption will protect this from most thieves", but I hope there's at least a little more defense-in-depth against other programs running as the user, snooping on that data without user-permission.
I mean, a malicious third-party screen-capture/keylogger program might be detectable by heuristics, but not-so-much if it can just indirectly draw from the stream of data being generated by pre-approved default program from the OS manufacturer...
It’s supposedly only accessible to LocalSystem. If they were to encrypt it, it could just be decrypted anyway. Still, it’s a huge liability and a major blunder by Microsoft.
P.S.: I'm sympathetic to the concept that "whole-disk encryption will protect this from most thieves", but I hope there's at least a little more defense-in-depth against other programs running as the user, snooping on that data without user-permission.
I mean, a malicious third-party screen-capture/keylogger program might be detectable by heuristics, but not-so-much if it can just indirectly draw from the stream of data being generated by pre-approved default program from the OS manufacturer...