Security Researcher Calls Windows 11 AI 'Recall' Screenshotting Feature a Disaster [Updated]

Last month, Microsoft announced the upcoming launch of Copilot+ Windows PCs with integrated AI hardware and software. One feature that Microsoft touted was Recall, a tool that's designed to take regular snapshots of PC content to help users find anything they've seen or done on their machine.


As it turns out, Recall might be a security nightmare for Windows users. Security expert Kevin Beaumont recently said (via The Verge) that he was able to automate a program that provides plain text data of everything a user has viewed, despite Microsoft's claims that Recall information cannot be exfiltrated remotely.

Beaumont claims that Recall is "essentially an infostealer" that's included in Windows by default, and that it will "set cybersecurity back a decade by empowering cybercriminals." With Recall, hackers are able to scrape "everything you've ever looked at within seconds," and users should prepare for "AI powered super breaches."

Microsoft describes Recall as a feature that lets you "search across time to find the content you need." Powered by AI, Recall takes snapshots every five seconds when content on the screen is different from the prior snapshot and stores the snapshots in a timeline, with AI software using OCR to make the text in the snapshots searchable. Microsoft says that snapshots are locally stored and are analyzed on-device, which should make them secure, but the OCR data is stored in an SQLite database that could be accessed by hackers who infiltrate a PC using malware.

According to Beaumont, infostealer trojans can be "easily modified to support Recall," and data from the feature can be accessed remotely. Microsoft "tried to do a bunch of things" to improve security, but ultimately, "none of it actually works properly in the real world." The database that is theoretically accessible to malicious actors contains everything a user has seen, such as text messages and passwords, along with every user interaction and all websites visited (with the exception of Microsoft Edge in Private Mode).

Beaumont has not shared full technical details on how he automated exfiltration of the Recall database, and is holding off until Recall ships because he wants to give Microsoft "time to do something." Beaumont recommends that Microsoft pull the feature for the time being.

Copilot+ PCs with Recall are set to launch on June 18. As of now, Recall is turned on by default, though users can optionally disable it.

Update: Given the response to Recall, Microsoft has decided to make it an opt-in feature rather than an opt-out feature. It will no longer be on by default, and there will be an option to opt in or opt out when setting up a Copilot+ PC. Windows Hello will also be required to turn on Recall for an extra layer of authentication. Windows Hello requires a face scan, fingerprint, or PIN to access a machine. Proof of presence will be required as well, so a screenshot timeline won't be accessible without authentication.

To address concerns about the accessibility of the database that Recall creates, Microsoft is adding additional layers of protection linked to authentication, and the search index database has been encrypted.

Top Rated Comments

vertsix
21 weeks ago
I hate all this AI ****.

There, I said it.
Score: 93 Votes
EightBitJoe
21 weeks ago
Hey, what could be the harm, right? It's Microsoft! I trust them.

Them. Them.

I. I. I trust. Trrrrrrrrr.

?SYNTAX ERROR IN LINE 39737

GENERAL FAILURE READING DRIVE C. ABORT, RETRY, FAIL?

Thank you for using BillGPT. Goodbye.
Score: 52 Votes
StralyanPithecus
21 weeks ago

I hate all this AI ****.
Another tool developed to spy on users.
Score: 31 Votes
Delivered
21 weeks ago

imagine if Apple did this
As someone who loves Apple products and uses a lot of them, I am a harsh critic of Apple because I want their stuff to be great for me to keep using it. When Apple announced the photo scanning locally on device, the techsphere nearly brought the internet down on Apple.

Microsoft does this and because they slapped AI/ChatGPT/Copilot we all just say "I hope they nail the security". This is a flaw at the core. It takes pictures of the passwords as you enter them. That's so lazy it's unreal. Microsoft and Google wasted no time throwing off the "we care about privacy" hats and double way down on "feed us data for AI".

Good luck "turning it off". Microsoft's privacy settings are AWFUL. I tried going through it, I have no idea, and the next update will probably just switch it back on, change a setting, w/e. It's ridiculous.
Score: 28 Votes
DHagan4755
21 weeks ago

As of now, Recall is turned on by default, though users can optionally disable it.
Is it really off when it's disabled?
Score: 25 Votes
JosephAW
21 weeks ago
It’s just a fancy key-logger. o_O
Score: 22 Votes