When building a piece of software that spies on its users to be of assistance, it seems understandable that users would want it to be as secure as possible, but that wasn’t the case for Microsoft’s Recall, until now.
With a new testing window just weeks out, Windows users interested in Microsoft’s AI-powered search history feature can now play with Recall reassured that every activity that’s taken place on their PC won’t be subject to a simply copy paste of a plain text file by anyone with a 2-bit interest in hacking.
Microsoft has been in the workshop over the past five months retooling its flagship Copilot + PC branded feature Recall that was meant to highlight the coalescing of Windows and artificial intelligence at its peak. Unfortunately, the weekend before it was to be unveiled to the public, Microsoft yanked it from release due to mounting security and privacy concerns from testers in the cybersecurity sector.
As Microsoft remerges with a redesigned version of Recall, VP of enterprise OS security David Weston is out extoling the work developers have put into to reimagine a more secure and private experience with its new search history feature for Windows.
In speaking with The Verge, Weston goes over the various safeguards, options, and additional features the Recall team put into place to make sure when the platform enters testing next month, it does so, way more secure and thoughtful than it was going to back in June.
I am actually really excited about how nerdy we got on the security architecture. I am excited because I think the security community is going to get how much we’ve pushed into Recall.
David Weston, Vice President of OS Security
There is no more on by default experience at all — you have to opt into this. That is obviously super important for people who just do not want this, and we totally get that.
In addition to an opt-in model, Microsoft has also offered a more abstinent option that allows users to uninstall Recall altogether. The option to uninstall was reported on last month but Microsoft was quick to dissuade the notion by saying it was development bug. Perhaps the positive feedback from that bug resonated with Recall developers because Watson specifically addresses the return of a complete uninstall option for Recall by explaining that “ff you choose to uninstall this, we remove the bits from your machine.”
Other tidbits given in Weston’s interview with The Verge help shed light on features previously reported were under development to secure Recall such as encrypting the snapshots Recall takes to help filter and categorize user activities on their PCs. Previously, these snapshots, which could contain sensitive material like credit cards, driver licenses or social security numbers, were not only unencrypted but stored in a plain text file.
Fortunately, Microsoft has encrypted that database behind its Windows Hello bio authentication security level and Trusted Platform Module (TPM) baked into Windows 11. The new encryption keys are tied to the TPM and the only way to access it is through facial recognition, PIN, or fingerprint. Through the same hardening process, Microsoft is hoping to prevent malware from ever accessing the snapshot database by forcing users to be physically present while Recall actually isn’t.
“We’ve moved all of the screenshot processing, all of the sensitive processes into a virtualization-based security enclave, so we actually put it all in a virtual machine,” Weston explains. Microsoft’s new security alchemy for Recall boils down to a slight of hand the platform performs between the UI visually presented and what is actually being moved about behind the scenes.
Users are met with a UI app layer that does not have access to the unencrypted snapshot database while Windows generates a virtualized instance of Recall after a secure Windows Hello authentication process that is searchable, and when Recall is closed, that virtualized machine destroys the memory of that interaction. “The app outside the virtualization-based enclave is running in an anti-malware protected process, which would basically require a malicious kernel driver to even access.”
Microsoft has also locked down the Recall platform to Copilot + PCs, being the only devices that can run it. Recall will search for search for a few security variables before it runs, including BitLocker, virtualization-based security enabled, measure boot with system guard secure launch protections, as well as kernel DMA protections in place.
The new security features for Recall sound great, but Microsoft has gone a step further and puts its work into action through rigorous internal and external testing that include its own Offensive Research Security Engineering teams (MORSE) hacking away at the new protocols while an independent third-party contractor also did its best to test and review.
The interview between Weston and The Verge did not go into details about the additional filtering and customization tools Recall is gaining since its retooling such as options to filter out sensitive information like passwords or credit cards or the blocking specific apps from being screenshot during Recall use. Users will also be able to destroy time ranges, snapshots of app-specific content and create a blacklist of websites within Recall’s database.
Microsoft is set to release an Insider preview version of Recall next month but still has no clear period or time for a general customer release will happen. For now, all the people who snatched up a Copilot + PC waiting on Recall will have to settle with stellar battery life and a quieter machine for Recall will have to settle with stellar battery life and a quieter machine for
