
The tech industry went crazy right after Microsoft announced its new AI-powered ‘Recall’ feature for Windows 11 Pro. With the continuous advancement in Artificial Intelligence, tech giants are in fierce competition to develop cutting-edge AI-powered products and tools.

Recall is the latest innovation from Microsoft, designed to enhance the capabilities of its AI assistant, Copilot. The technology, which is intended to change how users interact with their systems, has raised concerns about its security vulnerabilities. Recall is currently in review and is set to be rolled out along with Microsoft Copilot+ PC.

According to Carolina Hernandez, Principal Product Manager for Windows AI Experience, Recall is an AI-driven feature that helps users instantly locate anything they have seen or done on their PC. It works by taking screenshots of all user activity on the computer every 5 seconds and leveraging a Neural Processing Unit (NPU) so that the content remains on the device, thereby improving processing speed and maintaining privacy.

This means that whenever you can’t remember where you performed a particular task, or need to find something from the past, Recall can search the database and retrieve the item for you from a simple natural language prompt.


However, the mere thought of Recall taking screenshots of a user’s activities has raised red flags among security experts. Many compare the feature to spyware that tracks and records every action performed on a device.

Security experts are concerned that the data collected by Recall could include sensitive information such as passwords, financial credentials, insight into emails and other private data. This data, which is stored in a searchable database on the user’s device and decrypted when a user is logged in, serves as a perfect target for threat actors.

Alex Hagenah, a cybersecurity strategist and ethical hacker, released a demo tool called TotalRecall that can automatically extract and display everything recorded by Recall. Experts pointed out that keeping screenshots of every activity creates a store of data that reflects a user’s personality, lifestyle and identity. If this database is compromised, cyber criminals could gain access to information that could be used to carry out wider attacks, including ransomware, phishing, identity theft and more.

Kevin Beaumont, a cybersecurity researcher, highlighted in his article that data can be extracted from the database even without administrative privileges.

Screenshot: Kevin Beaumont Article | DoublePulsar

James Forshaw, a researcher with Google’s Project Zero vulnerability research team, published that he has also found methods to carry out an exploit without needing elevated permissions.

Screenshot: James Forshaw post | Infosec.exchange

This backlash has got Microsoft’s security team working overtime to implement changes. Microsoft has announced several adjustments to Recall to enhance user privacy and security.

  • The Recall feature will no longer be active by default. A user will need to manually enable the feature and authenticate using biometric methods such as fingerprint or facial recognition.
  • Microsoft will encrypt the database containing the screenshots that power the Recall feature. This will add an extra layer of protection for sensitive data captured.
  • Users will have the option to select which apps or websites are excluded from the screenshot process, offering a degree of customization and control over what information is captured.
  • Microsoft has continually assured users that their data is not saved in the cloud and so the company will have no access to it.
  • Users have the option to pause the system and delete data gathered by Recall when convenient. This will give them greater control over their data.

Microsoft envisions Recall as ‘photographic memory’ but unintentionally puts its average or uninformed users at risk. These adjustments demonstrate that Microsoft listens to the cybersecurity community and is working to ensure the safety and privacy of its consumers. As the release date for the ‘Recall’ feature approaches, all eyes will be on Microsoft to see how effectively these changes address the security concerns raised and how much improvement will be made.
