Microsoft's Recall Feature Is Even More Hackable Than You Thought

The primary function of Microsoft's new Recall feature, as described by CEO Satya Nadella, is to provide a "photographic memory" for your PC. It achieves this by storing a history of your computer desktop and making it available to AI for analysis1. The feature allows users to search and retrieve their past activities on their PC, including activities in apps, communications in live meetings, and websites visited for research.

Security researchers have raised several concerns regarding Microsoft's Recall feature. The feature is designed to take regular snapshots of a user's PC content to help users find anything they've seen or done on their machine. However, researchers believe that this feature could be a security nightmare for Windows users.

1. Easy Access to Sensitive Information: The Recall feature takes screenshots at regular intervals to capture the user's activities. These screenshots are then stored and processed locally, which Microsoft hoped would ease potential privacy concerns. However, cybersecurity and privacy experts have raised concerns, including due to the screenshots potentially containing highly sensitive information such as passwords and financial data.

2. Vulnerability to Malware: Researchers have demonstrated how malware could steal data collected by the Recall feature. For instance, researcher Kevin Beaumont managed to automate a program that provides plain text data of everything a user has viewed, despite Microsoft's claims that Recall information cannot be exfiltrated remotely2. Beaumont claims that Recall is essentially an infostealer that's included in Windows by default, and that it will set cybersecurity back a decade by empowering cybercriminals.

3. Lack of Adequate Security Measures: The data collected by Recall is stored in a database in plain text, which could make it trivial for an attacker to use malware to extract the database and its contents. While the database is encrypted while logged out of Windows, this only protects it from someone physically stealing your computer, which Beaumont points out is not how hackers generally conduct their business.

4. Potential for Misuse: Researchers also point out that the Recall feature could be easily modified to grab data from the new Windows feature. Beaumont said the data collected by Recall is efficiently compressed, with several days worth of data needing less than 100 Kb of storage2. The researcher claims he has conducted tests using an off-the-shelf infostealer malware, which managed to exfiltrate Recall data before it was detected by Microsoft Defender for Endpoint.

5. Privacy Concerns: The feature has also raised privacy concerns, with some critics calling it a "privacy nightmare". The UK’s Information Commissioner’s Office has also stepped in to make inquiries with Microsoft about the feature.