Microsoft will soon introduce a new AI-powered feature, Recall, that takes screenshots of everything you do on your computer. Recall is part of the new Copilot Plus PCs that will debut on June 18, but experts who have tested the feature are already warning that Recall could be a “disaster” for cybersecurity.
Recall is designed to use local AI models to take screenshots of everything you see or do on your computer, then let you search and retrieve anything in seconds. There’s even a timeline you can scroll through. Everything in Recall is designed to stay local and private on your device, so no data is used to train Microsoft’s AI models.
Despite Microsoft’s promises that Recall is secure and encrypted, cybersecurity expert Kevin Beaumont discovered that the AI-powered feature has some potential security vulnerabilities. Beaumont, who briefly worked at Microsoft in 2020, was testing the Recall feature last week and discovered that it stores its data in a database in plain text. This may make it trivial for an attacker to use malware to extract the database and its contents.
“Screenshots are taken every few seconds. They are automatically recognized using the OCR method by the Azure artificial intelligence running on your device and saved in the SQLite database in the user’s folder,” Beaumont explains in a detailed blog post. “This database file contains a record of everything you have ever viewed on your computer in plain text.”
Beaumont shared an example of the plain text database on X, chiding Microsoft for telling the media that a hacker couldn’t remotely extract Recall activity. The database is stored locally on your PC, but if you are the administrator of your PC, you can access it from the AppData folder. Two Microsoft engineers demonstrated this at Build recently, and Beaumont says the database is accessible even if you’re not an administrator.
There is concern that Recall will make it easier for malware and attackers to steal information. Infostealer trojans that steal credentials and information from computers already exist, and hackers are currently spreading this type of malware to steal and sell information. “Recall allows cybercriminals to automate the downloading of everything you have ever viewed in a matter of seconds,” says Beaumont.
Beaumont extracted his own Recall database and created a website where you can upload the database and search it instantly. “I’m purposely holding back the technical details until Microsoft delivers this feature because I want to give them time to do something,” he says.
Microsoft currently plans to enable Recall by default on Copilot Plus PCs. From my own testing on the pre-release version of Recall, this feature is enabled by default when setting up a new Copilot Plus PC, and there is no way to disable it during the installation process unless you check the option, which then opens the Settings panel. However, Microsoft is supposedly discussing whether to change this setup process.
Reaction to Microsoft’s Recall announcement was swift, with privacy activists calling it a potential “privacy nightmare” and the UK’s Information Commissioner’s Office stepping in to question Microsoft about its use of the AI-powered feature.
Microsoft maintains that the Recall feature is optional and that it has built privacy controls into it. You can exclude certain URLs and applications, and Recall will not store any material protected by digital rights management tools. “Recall also does not take snapshots of certain types of content, including InPrivate web browsing sessions in Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers,” Microsoft says on its FAQ page.
However, Recall does not moderate content, so it will not hide information such as passwords or financial account numbers in screenshots. “This data may reside in snapshots stored on your device, especially when sites do not utilize standard Internet protocols such as password masking,” Microsoft warns.
Microsoft’s FAQ page does not, however, address the possibility of malware attempting to steal the Recall database. “Recall snapshots are stored on the Copilot Plus computers themselves, on the local hard drive, and are protected by data encryption on your device and (if you have Windows 11 Pro or an enterprise version of Windows 11 SKU) by BitLocker,” Microsoft says.
As Beaumont points out, disk encryption is only good in certain scenarios. “When you log in to your computer and run the software, everything gets decrypted,” Beaumont explains. “Encryption at rest only helps if someone comes to your house and physically steals your laptop – that’s not what criminal hackers do.”
Microsoft may have to rework Recall or deprecate it. There are clearly some obvious gaps in how data is stored that need to be addressed, and enabling the feature by default, with only an opt-out, worries privacy activists. The launch of Recall comes just weeks after Microsoft CEO Satya Nadella urged employees to make security Microsoft’s “top priority,” even if that means prioritizing it over new features.
“If you’re faced with a trade-off between security and another priority, your answer is clear: Take care of your safety,” Nadella said (emphasis mine) in an internal memo obtained by Edge. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
Edge reached out to Microsoft for comment on the security and privacy concerns surrounding Recall, but the company did not respond in time for publication.
