Disastrous Microsoft feature

Security experts have called Microsoft's new AI feature–Recall–a disaster for cybersecurity

Martin Crowley
June 4, 2024

Microsoft is launching its new AI-powered feature called Recall, which takes screenshots of a user's screen every five seconds, records interactions they make with their PC, and stores this information on the device. The feature is an “explorable timeline of your PC’s past”, designed to help users find and recover text, images, and documents easily.

The feature will come, by default, on all new Copilot Plus PCs, as standard, which is expected to launch on the 18th of June.

But, ex-Microsoft employee–Kevin Beaumont–has been testing the feature, as part of an early access testing program, and found a serious issue which is a “disaster” for cyber security.

What security flaw does Recall have?

Microsoft has openly admitted that Recall doesn’t perform any content moderation, meaning it could take screenshots containing highly sensitive information, such as passwords or financial account data, and “not hide this information.” But, they have reassured users that all data processing happens on-device, and is never, ever transmitted onto the company’s servers, keeping that sensitive data safe and secure.

While Beaumont found this to be true (in part), he also found that Recall scrapes data from screenshots and stores it, as plain text files, on a database within the Windows AppData folder. This makes it easy for hackers and InfoStealer Trojans (malware that steals passwords) to access this private information.

“Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds”

This worrying finding comes just weeks after Microsoft’s CEO, Satya Nadella, announced that it was prioritizing safety over everything, including new product or feature launches, telling employees:

“If you’re faced with the trade-off between security and another priority, your answer is clear: Do security.”

Recall clearly needs some rework to make it watertight against hackers and cybercriminals, so it’ll be interesting to see, over the coming weeks, whether Microsoft keeps its promise to prioritize safety over feature launches