Microsoft is about to launch a new AI-powered Recall feature that will take a screenshot of everything you do on your PC. Recall is part of the new Copilot Plus PCs debuting on June 18, but experts who tested the feature are already warning that Recall could be a “disaster” for cybersecurity.
Recall is designed to use local AI models to take a screenshot of everything you see or do on your computer, then give you the power to search and retrieve anything in seconds. There’s even an explorable timeline you can scroll through. Everything in Recall is designed to stay local and private on the device, so no data is used to train Microsoft’s AI models.
Despite Microsoft’s promises of a secure and encrypted Recall experience, cybersecurity expert Kevin Beaumont has found that the AI-powered feature contains some potential security flaws. Beaumont, who briefly worked at Microsoft in 2020, tested Recall this past week and found that the feature stores plain text data in a database. That could make it trivial for an attacker to use malware to extract the database and its contents.
“Screenshots are taken every few seconds. These are automatically OCRed by Azure AI, running on your device, and written to a SQLite database in the user directory,” Beaumont explains in a detailed blog post. “This database file contains a record of everything you’ve ever viewed on your PC, in plain text.”
Beaumont shared an example of the plain text database on The database is stored locally on a PC, but can be accessed from the AppData folder if you are an administrator on a PC. Two Microsoft engineers recently demonstrated this during Build, and Beaumont claims the database can be accessed even if you’re not an administrator.
The fear is that Recall makes it easier for malware and attackers to steal information. InfoStealer Trojans already exist to steal credentials and information from PCs, and hackers are currently spreading this type of malware to steal and sell information. “Recall allows threat actors to automate everything you’ve ever looked at in seconds,” Beaumont says.
Beaumont has exfiltrated his own Recall database and created a website where you can upload a database and search it instantly. “I’m deliberately withholding technical details until Microsoft releases the feature because I want to give them time to do something,” he says.
Microsoft currently plans to enable Recall by default on Copilot Plus PCs. In my own testing with a prerelease version of Recall, the feature is enabled by default when you set up a new Copilot Plus PC, and there’s no option to disable it during the installation process unless you check an option that then opens the Settings panel. However, Microsoft is reportedly discussing whether to change this installation process.
Reaction to Microsoft’s Recall was swift, with privacy activists calling it a potential “privacy nightmare” and the UK Information Commissioner’s Office stepping in to inquire with Microsoft about its use of the AI-powered feature.
Microsoft claims that Recall is an optional experience and that there are privacy controls built into the feature. You can disable certain URLs and apps, and Recall does not store material protected by digital rights management tools. “Recall also does not take snapshots of certain types of content, including InPrivate web browsing sessions in Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers,” Microsoft says on its clarification FAQ page.
However, Recall does not perform content moderation and thus does not hide information such as passwords or financial account numbers in the screenshots. “That data may be in snapshots stored on your device, especially when sites don’t follow standard internet protocols, such as disguising password entries,” Microsoft warns.
However, Microsoft’s FAQ page does not address the possibility of malware trying to steal the Recall database. “Recall snapshots are kept on the Copilot Plus PCs themselves, on the local hard drive, and are protected using data encryption on your device and (if you have Windows 11 Pro or a Windows 11 business SKU) BitLocker,” says Microsoft.
As Beaumont notes, disk encryption is only good for certain scenarios. “If you are logged into a PC and running software, things are decoded for you,” Beaumont explains. “Encryption at rest only helps if someone comes to your home and physically steals your laptop – that’s not what criminal hackers do.”
Microsoft Recall may need to be reworked, or recalled, if you will. There are clearly some obvious holes in the way data is stored here that need to be addressed, and making this an opt-out experience has privacy activists concerned. The launch of Recall comes just weeks after Microsoft CEO Satya Nadella called on employees to make security Microsoft’s “top priority,” even if that means prioritizing it over new features.
“When faced with the trade-off between security and another priority, your answer is clear: Practice security,” Nadella (emphasis his) said in an internal memo obtained by The Verge. “In some cases, this means prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems.”
The Verge reached out to Microsoft for comment on the security and privacy issues with Recall, but the company did not respond in time for publication.