Microsoft Tightens Recall Security after Backlash

Microsoft introduces new security features to tighten Recall security after privacy and data security concerns.

Microsoft recently announced a new Windows 11 feature called “Recall”. The feature, available on the upcoming Copilot+ PCs, was touted as bringing the power of AI to the consumer by indexing and processing everything you have ever done on your computer.

Shortly after the feature was announced and went into preview, researchers started dissecting Recall and discovered that the information it gathers consists of screenshots and information stored in plaintext in a simple SQLite database. This raised concerns that threat actors who gain access to a victim’s computer could exfiltrate the data quickly, before antivirus solutions can stop them. Kevin Beaumont stated in his post:

During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelf infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone.

More and more researchers took to social media to decry the lax security in Microsoft’s new Recall product. As expected, it wasn’t long before someone was able to create a tool called Total Recall that could search through the Recall data to reveal plaintext passwords, SSH keys, personal information, and more.

Today, Microsoft announced new security measures for Recall that would help protect consumer data, including:

  • The ability to opt out of Recall in the OOBE setup pages
  • Requiring Windows Hello enrollment to enable the Recall feature
  • Encrypting the Recall index to increase data privacy
  • Enhanced Sign-in Security (ESS) to decrypt data in real time

Only time will tell if these new features will help secure the user data that Microsoft Recall collects.

Thanks to @vx-underground and @CyberCakeX on X.com for sharing this information.

About Timothy Wilson

Tim is an avid homelabber with a passion for information security, threat hunting, and vulnerability research.
