Microsoft and its PC manufacturing partners are set to release a slew of new Copilot + PC marketed devices with a potentially fatal security feature called Windows Recall, and security experts await the next two weeks to see if the company addresses its own implementation flaw before putting millions at risk.
Microsoft pitched its new artificially intelligent Windows 11 feature dubbed Recall as a wholesale search of all activity done on new Copilot + PCs and is set to debut it later this month, however, security experts are concerned that the way the company is going about implementing it could put all that captured activity in plain view for hackers.
According to a write up over at The Verge, security experts who have been playing around with and testing Windows Recall over the past couple of weeks have identified a handful of exploits nefarious actors could target to gain access to everything on a users’ PC.
Cybersecurity expert Kevin Beaumont took to Twitter to express his apprehension of Recall as well as to point out the specific ways he tested in which he sees Microsoft failing to keep its promise of protecting users’ data while implementing the new Windows 11 feature.
Beaumont, filters through what exactly Microsoft is and is not f, doing in regard to promoting users as part of a lengthy and informative Twitter thread.
Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder. This database file has a record of everything you’ve ever viewed on your PC in plain text.
Kevin Beaumont – Cybersecurity Expert
To prove his claims, Beaumont has already exfiltrated his own data while testing the feature, using unspecified means that he plans to make public after Recall is officially released. As an honest actor Beaumont is trying not to tip his hand while he explains, “I am deliberately holding back technical details until Microsoft ships the feature as I want to give them time to do something.”
In the meantime, Beaumont is hosting a website dedicated to others who can post their exfiltrated data as well as search it using basic tools.
Others in the cybersecurity field have echoed similar concerns regarding Microsoft’s new Windows Recall feature that make use of unfiltered screenshots of PC activity, also include the UK’s Information Commissioner’s office requesting the company explain in detail how the new AI feature can prevent privacy violations.
While Microsoft repeatedly referenced the use of encryption when using Recall on its new Copilot + PCs, the finer print reads for customers who have access to Windows 11 Pro or Windows Enterprise licenses. Microsoft also pitched Windows Recall as an entirely Opt-In experience when first using the feature, however, current implementations of the tested software is an Opt-Out selection.
If Microsoft is to release Recall in the next two weeks it will have to content with a host of potential seen and unforeseen issues, some of which seems addressable by the company as a means of simple implementation, to navigate a potentially transformative but ultimately privacy sensitive platform.
