Elevate Magazine
June 5, 2024

Windows 11’s New Recall Feature Triggers Security Concerns

Microsoft is set to introduce a new artificial intelligence-driven feature that captures screenshots of everything you do on your PC. This Recall feature is part of the new Copilot+ PCs launching on June 18th. However, experts who have tested Recall are already warning it could be a “disaster” for cybersecurity.

Recall uses local AI models to take screenshots of all activities on your computer, which allows users to search and retrieve any information quickly. The feature includes an explorable timeline for easy navigation. Microsoft asserts that all data in Recall stays local and private and is not used to train its AI models.

However, despite Microsoft’s assurances of a secure and encrypted Recall experience, cybersecurity expert Kevin Beaumont has identified potential security flaws. Beaumont, who briefly worked at Microsoft in 2020, has tested Recall over the past week and found that it stores data in plain text in a database, which makes it easy for attackers to extract the database contents using malware.

“Every few seconds, screenshots are taken, OCR’d by Azure AI running on your device, and saved into an SQLite database in the user’s folder,” Beaumont explains in a blog post. “This database file keeps a plain text record of everything viewed on your PC.”

Beaumont demonstrated the plain text database on X, criticising Microsoft for claiming that hackers cannot remotely exfiltrate Recall activity. Although the database is stored locally, it is accessible to PC administrators from the AppData folder. Beaumont added that the database is accessible even without admin privileges.

The concern is that Recall could simplify the theft of information for malware and attackers. InfoStealer trojans already exist to steal credentials and data from PCs, and hackers distribute such malware to steal and sell information. “Recall enables threat actors to automate scraping everything you’ve ever viewed within seconds,” says Beaumont.

Beaumont has extracted his own Recall database and created a website where users can upload a database to search it instantly. “I am deliberately withholding technical details until Microsoft ships the feature to give them time to address the issues,” he says.

Photo courtesy: Microsoft

Microsoft plans to enable Recall by default on Copilot+ PCs. In personal testing of a prerelease version, the feature was active by default during the initial setup of a new Copilot+ PC, with the option to disable it only accessible through the Settings panel. Microsoft is reportedly reconsidering this setup process.

The announcement of Microsoft’s Recall feature has elicited a swift response, with privacy advocates labelling it a potential “privacy nightmare,” and the UK’s Information Commissioner’s Office is currently investigating the AI-powered feature with Microsoft.

Microsoft insists Recall is optional and includes privacy controls. Users can disable certain URLs and apps, and Recall won’t store material protected by digital rights management tools. “Recall also does not capture snapshots of certain content types, including InPrivate web browsing sessions in Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers,” Microsoft states in its FAQ page.

However, Recall does not moderate content, meaning it won’t hide information like passwords or financial account numbers in screenshots. “That data may appear in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry,” Microsoft warns.

Moreover, Microsoft’s FAQ does not address the potential for malware to steal the Recall database. “Recall snapshots are stored locally on Copilot Plus PCs, protected using data encryption and BitLocker (for Windows 11 Pro or enterprise SKUs),” says Microsoft.

Beaumont points out that disk encryption only helps in specific scenarios. “When you’re logged into a PC and run software, things are decrypted for you,” Beaumont explains. “Encryption at rest only helps if someone physically steals your laptop — that isn’t what criminal hackers do.”

Photo courtesy: Fortune

Microsoft may need to rework Recall, or even withdraw it. The way data is currently stored presents significant security issues, and making it an opt-out feature raises privacy concerns. Recall’s launch comes just weeks after Microsoft CEO Satya Nadella emphasised making security Microsoft’s “top priority,” even over new features.

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” Nadella stated. “In some cases, this will mean prioritising security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Despite the new feature, Microsoft is struggling with its campaign, as its latest operating system contends with a low adoption rate amid these security concerns.