Cybersecurity experts have discovered that Copilot AI can access encrypted passwords on Windows 10 and 11. A simple query can retrieve them.
Whether you like it or not, the Copilot AI is now an integral part of Windows 10 and Windows 11. It's clear that Microsoft is pushing its AI hard, regularly adding new features and integrating it wherever it can be useful. You don't have to use it, of course, but even then, Copilot continues to exist on your computer and other people can exploit it for malicious purposes.
This is what cybersecurity experts at Pen Test Partners discovered. They looked in particular at the recent integration of Copilot into SharePoint, Microsoft's file management solution generally used in businesses. The AI takes the form of a conversational agent, essentially a chat window in which you can ask it questions and make requests. Some of those requests, however, are particularly dangerous.
Hackers can use Copilot AI to access your passwords
The specialists first spotted a file called Passwords.txt in a company's SharePoint. As its name suggests, it contains many passwords. When you try to open the document, SharePoint does its job by denying access regardless of the method used. This is where Copilot comes in. An expert simply asked the AI to give them the contents of the file, explaining that they could not see it, and the agent immediately complied.
So it seems there is a problem with the management of access permissions. The PC respects them, but Copilot doesn't care. Until Microsoft does something about this, the simplest solution is to configure the most sensitive files so that only you can access them. A more radical solution is to completely uninstall the Copilot AI from Windows. Besides requiring steps that aren't necessarily within everyone's reach, this deprives you of all the other benefits of AI. So, not ideal.