Windows AI feature that takes screenshots of everything labeled a security “disaster”

Microsoft is about to launch a new AI-powered Recall feature that will take screenshots of everything you do on your computer. Recall is part of the new Copilot Plus computers that debut on June 18, but experts who have tested the feature are already warning that Recall could be a “disaster” for cybersecurity.

Recall is designed to use local AI models to capture everything you see or do on your computer, then give you the ability to search and retrieve anything in seconds. There’s even an explorable timeline that you can scroll through. Everything in Recall is designed to stay local and private to the device, so no data is used to train Microsoft’s AI models.

Despite Microsoft’s promises of a secure and encrypted Recall experience, cybersecurity expert Kevin Beaumont found that the AI-based feature has some potential security flaws. Beaumont, who worked briefly at Microsoft in 2020, tested Recall over the past week and found that the feature saves data to a database in plain text. This could make it trivial for an attacker to use malware to extract the database and its contents.

“Screenshots are taken every few seconds. These are automatically recognized by Azure AI, running on your device, and written to an SQLite database in the user’s folder,” Beaumont explains in a detailed blog post. “This database file contains a record of everything you’ve ever seen on your PC in plain text.”

Beaumont shared an example of a plain-text database on X and berated Microsoft for telling the media that a hacker could not remotely exfiltrate Recall activity. The database is stored locally on the PC, but if you are an administrator on the PC, it is accessible from the AppData folder. Two Microsoft engineers demonstrated this at Build recently, and Beaumont says the database is accessible even if you’re not an administrator.

He worries that Recall makes it easier for malware and attackers to steal information. InfoStealer Trojans already exist to steal credentials and information from computers, and hackers are currently distributing this type of malware to steal and sell information. “Recall allows threat actors to automate the scraping of everything you’ve ever looked at in seconds,” says Beaumont.

Beaumont exfiltrated his own Recall database and created a website where you can upload the database and search it instantly. “I’m deliberately holding back the technical details until Microsoft ships this feature because I want to give them time to do something,” he says.

Microsoft currently plans to enable Recall by default on Copilot Plus computers. In my own testing on a pre-release version of Recall, this feature is enabled by default when you set up a new Copilot Plus computer, and there is no way to disable it during the setup process unless you check an option that then opens the Settings panel. However, Microsoft is reportedly debating whether to change this setup process.

Reaction to the Microsoft Recall announcement was swift, with privacy campaigners calling it a potential “privacy nightmare” and the UK Information Commissioner’s Office stepping in to ask Microsoft if it was using an AI-powered feature.

Microsoft says that Recall is an optional experience and that it has built privacy controls into the feature. You can disable certain URLs and applications, and Recall will not store any material that is protected using digital rights management tools. “Recall also does not take snapshots of certain types of content, including InPrivate web browsing sessions in Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers,” Microsoft says on its FAQ page.

However, Recall does not moderate content, so it will not hide information such as passwords or financial account numbers in its screenshots. “This data may be in snapshots that are stored on your device, especially when sites do not follow standard Internet protocols, such as entering a masking password,” warns Microsoft.

However, Microsoft’s FAQ page does not address the potential for malware to attempt to steal the Recall database. “Download images are stored on the Copilot Plus computers themselves, on a local hard drive, and are protected using data encryption on your device and (if you have a Windows 11 Pro or Windows 11 Enterprise SKU) BitLocker,” says Microsoft.

As Beaumont points out, disk encryption is only good for certain scenarios. “When you log into your computer and run the software, things are decrypted for you,” explains Beaumont. “Encryption at rest only helps if someone comes into your house and physically steals your laptop – that’s not what criminal hackers do.”

Recall timeline feature.
Image: Microsoft

Microsoft may find itself in a situation where it needs to rework Recall, or revoke it if you will. There are clearly some glaring holes in the way data is stored here that need to be addressed, and privacy activists are concerned about the possibility of opting out. The launch of Recall comes just weeks after Microsoft CEO Satya Nadella urged employees to make Microsoft’s security a “top priority,” even if that means putting security ahead of new features.

“If you are faced with a trade-off between security and another priority, your answer is clear: Do security,” Nadella (emphasis his) said in an internal memo obtained by The Verge. “In some cases, this will mean prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems.”

The Verge reached out to Microsoft for comment on security and privacy concerns with Recall, but the company did not respond in time for publication.
