Despite all claims, Windows Recall is not that private or even safe

Recall is one of the key AI features of the upcoming Windows 11 version 24H2. It can analyze everything that happens on your screen by storing snapshots, screenshots and so on. The stored data can be searched, and the apps and documents can be restored to their state at the specific moment of time. However, the way Recall stores that data is a subject of concerns. A researcher has discovered that all the info is not encrypted and can be accessed without much effort.

Microsoft claimed that data processing is performed locally without access to cloud services, and all collected information is stored encrypted.

However, Kevin Beaumont, an expert in the field of cybersecurity with some Microsoft background, believes the new feature could become a “cybersecurity disaster.” Last week he was able to test Windows Recall himself and discovered that all the information was stored in the database in plain text. An attacker using malware can easily gain access to the contents of the database.

According to his research, Recall creates screenshots every few seconds. A locally running Azure AI instance processes them and saves to an SQLite database in the user folder. This file stores information about everything you've ever viewed on your computer in plain text. The database is stored in the AppData folder and can be accessed even without administrator rights, and can be viewed with any of the available SQLite clients/browsers and so on.

SQLite Non-Encrypted Data Captured By Recall

So, your data is only protected by Device Protection and BitLocker.

What is worse is that Recall has no filters. It won't record private browsing from Edge, Chrome and some other browser. But the rest of time it captures passwords, credit card numbers and other sensitive data in screenshots. According to Microsoft, all this will end up in the Recall database if the site or app does not hide the entered password. Now imagine that you press some "show password" button.

It is worth noting that you can prevent certain apps or websites from being recorded by specifying them on the Recall page in the Settings app. But if you don't filter apps and websites, Recall will collect sensitive information.

Microsoft is going to enable Recall by default on Copilot+ devices. During the initial system setup, there is no option to disable Recall. However, this may change before release of the feature (and Windows 11 24H2).

Officially, the Recall feature requires a Copilot+ device. This means it needs a special set of hardware to accelerate AI-powered features. However, users have successfully launched it on older devices. There is an app for that.

Source

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

2 thoughts on “Despite all claims, Windows Recall is not that private or even safe”

  1. What a shock! ;)

    I’ve heard that MS is going to tighten up security since XP. They would rather have new stuff than safety unfortunately. They have panicked and need to get AI out as soon as possible!

  2. Microsoft: Please accept our brain AI interfaces so we can track all of your thoughts every 3 seconds. Our innovative AI hive mind tech 3000 will also “help” you choose the best course of action in your daily routine. This is all in your best interest! And if you don’t accept, the master control program AI might not be happy…

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.