"Microsoft should recall Windows Recall" — Security researcher discovers Microsoft's new AI tool is woefully insecure
What you need to know
Microsoft is planning to roll out a new AI feature dubbed "Windows Recall" on new Windows 11 Copilot+ PCs this month.
The feature remembers everything you've done on your computer and lets you find things using semantic search.
Recall stores everything locally on device, but it appears that data is not encrypted when the user is logged into the computer.
Microsoft has faced quite a bit of backlash over its new Windows Recall AI feature since it was first unveiled on May 20. The AI tool, which is shipping on new Windows 11 Copilot+ PCs later this month, is designed to capture everything you do on your computer and use AI to index that content into semantically searchable snapshots.
When the feature was unveiled, Microsoft promised security. The data Recall collects is stored on device, "encrypted" using Bitlocker, and is never sent to Microsoft or advertisers. Users are free to turn off Recall, or if they do choose to use it, delete any and all snapshots at any time.
However, it appears not everything is as it seems. While it's true that Windows Recall doesn't send any data to the cloud, the data it stores locally on your machine isn't very well secured. Security researcher Kevin Beaumount has documented his findings on Windows Recall, and has revealed that the tool stores its data in an SQLite plaintext database.
This means the data is readable, and not encrypted when the user is logged into their computer. The only time the data becomes encrypted is when the PC is not logged in. So, while that protects against someone accessing your data on a stolen laptop, it does not prevent potential malware designed to scrape Recall's data while the user is logged in.
Microsoft has done the bare minimum to protect this data. It's stored in a system directory that requires administrator and system-level rights to access and edit. However, these protections are easily bypassed, and an attacker could easily write a bit of software to ignore those permissions if they wanted.
Windows Central had reached out to Microsoft for comment about these discoveries around Windows Recall, but the company failed to respond in time for publication.
Outside of these security issues, Windows Recall appears to do exactly as promised. I've been using the feature over the last few days, and it's genuinely impressive how well it works. It's able to find images and text with vague search phrases, and I've been wowed by just how capable it is at doing so.
Unfortunately, for users to truly trust this tool, Microsoft is going to need to do the work to secure the data it collects locally on your PC. While it's quite unlikely you'll ever encounter malware designed to scrape Windows Recall data, it's not impossible, and so it's better to have that data encrypted for peace of mind.
With that said, I find the outrage about this discovery to be somewhat overblown. All your files are unencrypted when you're using your PC, yet most people aren't constantly concerned about malware potentially scraping their personal documents, pictures, downloads, videos, and synced cloud folders.
While it's not a great look that Microsoft has built a tool into Windows that places everything you do into a convenient directory for attackers to harvest on, it's important to remember that Windows Recall is entirely optional. You don't have to use it if you don't want, and if you choose not to, the service won't run. If you're concerned about it potentially being enabled secretly in the background down the line, Microsoft has built-in security measures to prevent this. If Recall is capturing data, a permanent visual indicator will be placed on the Taskbar to let you know.
Plus, the feature is only available on new Copilot+ PCs. It won't be coming to existing Windows 11 installs, which might be enough of a reason for many to not upgrade their devices any time soon.
Hopefully Microsoft is able to update Windows Recall to encrypt the data it collects in the future.
