Why Microsoft's AI-powered 'Recall' is an impending cyber disaster

Cyber expert says it's a train wreck in slow motion.

Why Microsoft's AI-powered 'Recall' is an impending cyber disaster
Photo Credit: Unsplash/Alexander Schimmeck

AI-powered 'Recall' feature is coming to Windows. A cyber expert says it's a train wreck in slow motion.

Microsoft recently took the wraps off a new AI-powered Recall feature, currently slated to debut June 18 as part of "Copilot Plus" PCs.

Total 'Recall'

How it works:

  • Capture a screenshot every few seconds.
  • Processed and stored entirely on the local PC.
  • Service designed to help users recall everything.

Sounds perfectly harmless, isn't it?

However, a cybersecurity researcher who tested it is now warning users that it's a disaster waiting to happen.

Cybersecurity nightmare

In a detailed blog post, Kevin Beaumont argued that Recall will have devastating consequences for users compromised by malware.

Imagine Recall extracting and storing the following:

  • Every website you visited.
  • Discussions in messaging apps.
  • Budget spreadsheets, confidential docs.

Now everything is accessible from a single, convenient database they can siphon out over a typical broadband connection in less than a minute.

Potential problems

Its security measures don't work, argue Kevin, because:

  • Most users log in with an admin account.
  • Everything Recall sees is stored with no filtering.
  • Captured data is stored indefinitely.

Kevin noted how Microsoft Defender for Endpoint successfully detected an off-the-shelf infostealer malware. However, the process took 10 minutes - more than enough time to steal Recall data.

And the stolen data is a massive problem. Imagine:

  • An admin staffer working for an insurance firm is breached. Just think of the thousands of PII records they would have looked at.
  • A careful coder who logs in via VPN and doesn't store source code locally. Yet all the code they ever looked at could still be compromised.
  • Hackers could start targeting the Recall database and resell stolen data to other cyber criminals on the dark web.

What next?

For now, Kevin is urging Microsoft to reconsider the current implementation of Recall. To illustrate the risks, he even created a tool to access the Recall database.

  • Recall is an optional experience, though it must be explicitly disabled once it's live.
  • The feature will appear first on 10 Copilot+ devices and will eventually make its way to Windows 11.

Do you agree that Recall is a cybersecurity problem waiting to happen?