Microsoft recently unveiled a new function named “Recall,” designed to give users a “photographic memory” of their PC activities by letting them revisit any app or file they have opened. This new feature has, however, drawn criticism from cybersecurity experts due to its potential security risks. Microsoft has since published a document addressing how privacy is affected when using Recall.
Kevin Beaumont, a cybersecurity expert, criticized the feature in a detailed analysis on Medium. Beaumont contends that Recall suffers from a host of security issues, which could allow hackers to steal anything viewed or typed on a computer.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective pic.twitter.com/Njv2C9myxQ
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Technical Details and Vulnerabilities
The Recall function works by taking screenshots of the user's computer activity every few seconds and applying Azure AI-driven OCR technology to convert these images into text. This text is then stored in an SQLite database in the user's AppData folder. Beaumont showed that this database could be accessed by other user accounts on the same machine, contradicting Microsoft's claims of exclusive user access.
All interactions are recorded in the Recall database, including websites visited, emails read, and applications used, and remain there unless manually deleted or overwritten. Beaumont managed to automate the extraction of his own Recall database and created a site that could instantly sift through its contents. He pointed out that the database is easily compressible, which simplifies the task of exfiltrating months' worth of data in a short span.
Implications for Privacy and Security
Beaumont highlighted the privacy risks of Recall, especially in situations such as domestic abuse. He also raised concerns about Recall's compliance with GDPR regulations. Although Microsoft maintains that Recall's data cannot be remotely extracted by hackers, Beaumont argued that the plain text database can be easily automated for exfiltration.
Beaumont has called on Microsoft to reevaluate and revise the Recall feature to address the outlined security and privacy issues. He emphasized that Microsoft needs to focus on security, especially given CEO Satya Nadella's emphasis on this area. Recall is currently accessible in the Release Preview Channel of the Windows Insider program and is slated for release in the upcoming Copilot+ PCs, including the latest Surface Pro and Surface Laptop models.