- OCR and image recognition data are stored insecurely in OneDrive for Business, expert warns
- Locally stored data puts companies at risk of leaks
- Hybrid work amplifies security challenges
Security expert Brian Maloney has criticized Microsoft because OneDrive for Business stores files insecurely on user devices.
He claims that the popular cloud storage tool stores the data obtained from image OCR in an unprotected database on account holders' devices, which exposes them to a risk of data exfiltration.
Although there are advantages to storing data locally, it can cause security problems if storage is insufficiently protected, said Maloney.
OneDrive for Business stores files locally, but insecurely
Microsoft, like other companies such as Apple, uses OCR (optical character recognition) and image recognition to improve search and other features.
In a series of X posts, Maloney wrote: “Just a heads up. M$ is OCRing all your images in OneDrive for Business into an unsecured database on your desktop / laptop. Happy Friday. #DFIR”
Because the OCR output is stored in plain text, attackers who manage to gain access to the databases can acquire potentially sensitive information from unsuspecting victims.
Vx-underground added to Maloney’s work on X, sharing: “Any image recorded with OneDrive is stored locally in a SQLite file (for offline mode, or something).”
Although company-issued equipment generally comes with additional layers of security, such as encrypted storage, biometric security and access to business systems via protected networks such as VPNs, the boom in hybrid work now means that more workers access their work accounts, including OneDrive for Business, from their own personal devices, which may not have such strong protection.
TechRadar Pro asked Microsoft to comment on its decision not to protect the OCR databases, but did not immediately receive a response.
In the meantime, users should stick to only the features they intend to use in order to minimize risk. Employees must also stay vigilant against attacks, in particular by avoiding clicking on suspicious links and sharing login credentials online.