You might want to disable the Microsoft Recall AI feature when it’s ready, because of several significant cybersecurity concerns that have recently come to light. These issues could potentially compromise your data security.
Microsoft has refuted allegations that Recall, a feature designed to enhance system-wide searches by remembering user activities on your PC, presents a privacy threat. However, two security researchers now assert that Recall significantly eases the process for hackers to access data from Windows 11 users.
On Tuesday, cybersecurity expert Alexander Hagenah unveiled a demo tool that illustrates how malware can effortlessly exploit the saved data within the Recall function.
“The database is unencrypted. It’s all plain text,” Hagenah emphasized in his discussion with Wired, highlighting the vulnerability of how Recall stores information on a PC. “It’s a Trojan 2.0 really, built in.”
Just a few days after Hagenah’s disclosure of his tool, named TotalRecall, another security researcher and ex-Microsoft employee, Kevin Beaumont, released a blog post detailing supposed vulnerabilities in the Recall feature.
Microsoft has yet to make Recall widely available to consumers; currently, it’s included in the preview release for Windows 11 version 24H2. This also provides early access to Recall for Windows PCs utilizing Arm processors, either directly or via a virtual machine.
Upon testing the feature, Beaumont discovered that hackers or malware can easily access files saved by Recall, despite Microsoft’s assertion that it employs encryption. Beaumont noted that Recall saves information in a readily accessible database within the user’s AppData folder. Unexpectedly, the database stores this information in plaintext.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.
Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.
HT detective pic.twitter.com/Njv2C9myxQ
— Kevin Beaumont (@GossiTheDog) May 30, 2024
Additionally, the database compresses the saved data tightly, allowing several months’ worth of user history to be extracted from the PC in seconds. The risk emerges if a hacker deceives the user into installing malware that taps into the Recall database and covertly steals sensitive details such as passwords and financial account numbers. To mitigate this risk, it is crucial to disable Microsoft Recall AI feature whenever possible.
“I think [Microsoft is] probably going to set fire to the entire Copilot brand due to how poorly this has been implemented and rolled out,” Beaumont stated. “It’s an act of self harm at Microsoft in the name of AI, and by proxy real customer harm.”
Telegram combolists show that we are all hacked
These revelations prompted Hagenah to develop TotalRecall. In his GitHub posting, Hagenah highlights that Recall “stores everything locally in an unencrypted SQLite database, and the screenshots are simply saved in a folder on your PC.”
These findings come amid growing concerns from many security and privacy experts who have labeled Recall as a potentially invasive spyware threat. Microsoft did not immediately respond to requests for comment. However, the company has previously indicated that it is still collecting user feedback on Recall to help develop more controls for the technology and enhance the overall user experience. Nevertheless, users have observed that Recall is enabled by default on new Windows 11 Copilot+ PCs, making it crucial to disable Microsoft Recall AI feature to avoid potential security risks.
How to disable the Microsoft Recall AI feature?
If you’re concerned about the privacy and security implications of the Microsoft Recall AI feature, you can disable it by following these steps, when it reaches your PC:
- Locate Recall on the taskbar: When you reach your desktop, you’ll find Recall pinned to the taskbar.
- Check the system tray: Look for the Recall snapshot icon in the system tray, which indicates when Windows is actively saving snapshots of your activity.
- Access settings:
- Click on the Start menu and select Settings.
- Navigate to Privacy & security.
- Disable Recall & snapshots:
- Under Privacy & security, find and select Recall & snapshots.
- Here, you can toggle the option to save snapshots on or off according to your preference.
By following these steps, you can ensure that the Recall feature is disabled, helping to safeguard your personal data and maintain your privacy.
A bad reputation
Microsoft has a history of setting features to default without user consent, much like requiring a Microsoft account for installing Windows. According to cybersecurity experts, this trend might continue with the Recall feature. Kevin Beaumont mentioned on Twitter that Microsoft has hinted at possible changes to Recall before the release of Copilot+ consumer devices, although officially, they have remained silent on the matter.
Apparently Microsoft have off the record briefed they may make changes to Recall before Copilot+ consumer devices drop (soon). On the record they’ve no commented about everything. https://t.co/AjT37vuEfb
— Kevin Beaumont (@GossiTheDog) June 4, 2024
Zac Bowden added that users are likely to be prompted to enable Recall during setup, with the option to opt out. This situation suggests that the current issues with default settings in Microsoft products are neither the first nor likely the last.
Featured image credit: Kerem Gülen/Midjourney
