Microsoft’s AI Recall Feature Postponed Over Security Concerns

Microsoft has decided to postpone the release of its AI Recall feature, originally scheduled to ship with the new Copilot+ PCs on June 18. The decision comes in response to security and privacy concerns raised about the AI tool.

Windows Recall, as described by Microsoft, is designed to give a computer a “photographic memory.” It achieves this by taking “snapshots” of the user’s active screen every few seconds and storing these snapshots in a local database and timeline. Users can then use an AI-driven search on their Copilot+ PC to locate specific webpages or files based on text and visual matches.

However, the announcement of the feature on May 20 was met with swift backlash from customers and security experts. They raised alarms over the privacy and security implications of having a searchable database of countless screenshots readily available on one’s computer.

One major concern was the potential for hackers to easily access a treasure trove of sensitive information in the event of a compromise. This risk was compounded by the fact that Microsoft’s Recall FAQ explicitly states it will not hide sensitive details such as passwords or financial account numbers.

A proof-of-concept exploit to extract the Recall database, dubbed “TotalRecall,” is already available. It was most recently updated on June 6 to grant the necessary permissions to easily access the database. TotalRecall’s creator, Alex Hagenah, announced that TotalRecall 2.0 was in the works, improving on fellow researcher James Forshaw’s permissions bypass method by adding the ability to impersonate AIXHost.exe tokens.

Getting ready for TotalRecall 2.0. Some enhancements and features planned. One of them is @tiraniddo AIXHost.exe Token impersonation which is now working smoothly. In case icacls won't work anymore.#totalrecall pic.twitter.com/Ev4RbY6HR6

— Alex (@xaitax) June 13, 2024

In response to criticisms over the feature’s security risks, Microsoft initially announced on June 7 that it would be making changes to the upcoming feature. These changes included requiring users to opt-in to use it rather than having it activated by default, and requiring proof-of-presence via Windows Hello biometric authentication in order to decrypt, view, and search Recall snapshots.

However, Microsoft changed course again on Thursday, updating its June 7 blog post with a notice that the feature would be postponed and be made available only to Windows Insider Program members “in the coming weeks.”

The Windows Insider Program (WIP) is free to join and has millions of members. It allows members to preview upcoming and experimental Windows features, as well as provide direct feedback to Microsoft. The company said an upcoming blog post would provide more information about how WIP members can preview Recall, noting that a Copilot+ PC is required to use the feature due to its hardware demands.

The delay announcement came shortly after Microsoft President Brad Smith testified before the U.S. House Committee on Homeland Security Thursday in a hearing focused on security failings leading to the compromise of government email accounts by a China-sponsored threat actor last year.

During his testimony, Smith defended the Recall feature, stating, “We’ve designed it so it’s off by default so that people have to choose to turn it on and we can share information with them before they make that decision. We’ve designed the feature so that the information always stays on one’s own PC – doesn’t go to Microsoft, it doesn’t go anywhere else. We’ve combined it with a hardening of security and Windows for every part of the computer and not just this feature alone.”

Smith also emphasized that Microsoft is taking “a very comprehensive approach to addressing all of the security and privacy issues,” including by taking public feedback into consideration.

Kevin Beaumont, a security researcher and former senior threat intelligence analyst at Microsoft, who wrote two articles about Recall’s pitfalls and has been a vocal critic of the feature on social media, responded to news of the delay, saying, “Good on Microsoft for finally reaching a sane conclusion.”

Current situation: InfoStealer malware, stealing your saved passwords.

Coming situation: CoPilot Recall malware, where it steals everything you’ve ever typed or viewed as it’s in an already assembled database.

Thanks, Microsoft, for your service to enabling malicious hackers.

— Kevin Beaumont (@GossiTheDog) May 21, 2024

“Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right… or not at all. Accountability matters,” Beaumont added. “Microsoft, be better.”