A Windows feature that takes screenshots of everything is labeled a “disaster” for security

Microsoft is about to launch a new AI-powered Recall feature that takes screenshots of everything you do on your computer. Recall is part of the new Copilot Plus computers that debut on June 18, but experts who have tested the feature are already warning that Recall could be a “disaster” for cybersecurity.

Recall is designed to use local AI models to screenshot everything you see or do on your computer, and then lets you search and retrieve anything in seconds. There’s even an explorable timeline that you can scroll through. Everything in Recall is designed to stay local and private to the device, so no data is used to train Microsoft’s AI models.

Despite Microsoft’s promises of a secure and encrypted Recall experience, cybersecurity expert Kevin Beaumont found that the AI-powered feature has some potential security flaws. Beaumont, who briefly worked at Microsoft in 2020, tested Recall over the past week and found that the feature stores data in a plain-text database. This can make it trivial for an attacker to use malware to extract the database and its contents.

“Screenshots are taken every few seconds. These are automatically recognized by the Azure AI running on your device and saved to an SQLite database in the user’s folder,” Beaumont explains in a detailed blog post. “This database file has a record of everything you’ve ever looked at on your computer in plain text.”

Beaumont shared an example of the plain-text database on X, chiding Microsoft for telling the media that a hacker could not remotely break into Recall activity. The database is stored locally on a computer, but is accessible from the AppData folder if you are an administrator on the computer. Two Microsoft engineers demonstrated this recently at Build, and Beaumont claims the database is accessible even if you’re not an administrator.

The fear is that Recall makes it easier for malware and attackers to steal information. Infostealer trojans already exist to steal credentials and information from computers, and hackers are currently distributing this type of malware to steal and sell information. “Recall allows threat actors to automate the deletion of everything you’ve ever viewed in seconds,” says Beaumont.

Beaumont has exfiltrated his own Recall database and created a website where you can upload a database and instantly search it. “I’m intentionally holding back the technical details until Microsoft ships the feature because I want to give them time to do something,” he says.

Microsoft currently plans to enable Recall by default on Copilot Plus computers. In my own testing of a pre-release version of Recall, the feature is enabled by default when you set up a new Copilot Plus PC, and there’s no option to disable it during the setup process unless you check an option, which then opens the settings panel. However, Microsoft is reportedly debating whether to change this setup process.

Reaction to Microsoft’s Recall announcement was swift, with privacy advocates calling it a potential “privacy nightmare” and the UK’s Information Commissioner’s Office stepping in to question Microsoft about its use of the AI-powered feature.

Microsoft claims that Recall is an optional experience and that it has built privacy controls into the feature. You can disable certain URLs and applications, and Recall will not store any material that is protected by digital rights management tools. “Recall also does not take snapshots of certain types of content, including InPrivate web browsing sessions in Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers,” Microsoft says on its explainer FAQ page.

However, Recall does not moderate content, so it will not hide information such as passwords or financial account numbers in its screenshots. “This data may be in snapshots that are stored on your device, especially when sites do not follow standard Internet protocols such as masking password entry,” Microsoft warns.

However, Microsoft’s FAQ page does not address the potential for malware to attempt to steal the Recall database. “Download snapshots are stored on the Copilot Plus computers themselves, on the local hard drive, and are protected using data encryption on your device and (if you have a Windows 11 Pro or Enterprise Windows 11 SKU) BitLocker,” says Microsoft.

As Beaumont notes, disk encryption is only good for certain scenarios. “When you’re logged into a computer and run software, things are deciphered for you,” Beaumont explains. “Encryption at rest only helps if someone comes into your house and physically steals your laptop – that’s not what criminal hackers do.”

Recall’s timeline feature.
Image: Microsoft

Microsoft may end up having to rework Recall or pull it. There are some glaring holes in the way data is stored here that need to be addressed, and making this an opt-out experience is of concern to privacy campaigners. The launch of Recall comes just weeks after Microsoft CEO Satya Nadella urged employees to make security a “top priority” at Microsoft, even if that means prioritizing it over new features.

“If you are faced with a trade-off between security and another priority, your answer is clear: Do security,” Nadella (emphasis his) said in an internal memo obtained by The Verge. “In some cases, this will mean prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems.”

The Verge reached out to Microsoft for comment on security and privacy concerns with Recall, but the company did not respond in time for publication.
