Controversial Windows 11 Recall feature could help hackers steal your passwords
- Windows 11’s new AI-powered Recall feature captures a screenshot of your screen every five seconds.
- Even though Recall’s database is encrypted, a security researcher found that it’s easily accessible when the PC is in use.
- Hackers could develop malware to remotely steal Recall databases without the user’s knowledge.
Even though Microsoft’s new Copilot Plus PCs are a few weeks away from hitting store shelves, security researchers are already raising alarms about a new Windows 11 AI feature. Dubbed Recall, Microsoft pitches it as an “explorable timeline of your PC’s past.”
With Recall enabled, Windows 11 will capture screenshots of your screen every five seconds and record various interactions with your PC. You can then ask the Copilot AI chatbot questions about your past interactions or simply browse through the timeline of text and images.
The Recall feature is set to debut on Copilot Plus PCs later this month. However, some enterprising developers have already found a way to enable it on older Arm-powered Windows PCs. Thanks to this early access, security researcher Kevin Beaumont was able to explore the inner workings of Recall.
According to Microsoft, Recall’s AI processing happens entirely on-device. Furthermore, none of this information is ever transmitted to the company’s servers. The good news is that these claims mostly held up in Beaumont’s published testing of the feature. The only problem? None of those measures can stop a malicious attacker from siphoning data off your computer.
Recall stores everything you've ever seen on your screen in a plain-text database.
Given that Recall automatically takes screenshots of your screen, it ends up recording sensitive data such as emails, chat messages, and the websites you visit. Clearing your browser history or deleting chat logs won’t make these records go away.
Microsoft’s own support document for Recall also explicitly states that the feature “does not perform content moderation” and that it “will not hide information such as passwords or financial account numbers.” Beaumont also found that while Recall respected the Microsoft Edge browser’s InPrivate mode, it continued to capture screenshots with Incognito tabs open in Chrome.
During his testing, Beaumont also found that Microsoft has tasked an on-device AI to detect and scrape text from the automated screenshots. These records are then collectively written to a plain-text database and saved in the Windows AppData folder.
That wouldn’t be a problem by itself, except that the Recall database is apparently accessible to anyone using the computer. According to Beaumont, it can even be accessed without administrator privileges. This means someone like a family member could potentially gain access to sensitive records on a shared device. The threat potential doesn’t end there, though. Beaumont warns that infostealers, a form of malware used to siphon passwords, could evolve to steal Recall databases at scale.
The security researcher goes on to say that Microsoft’s encryption claims only hold true from a very narrow perspective. Your data is safe and encrypted by Windows BitLocker as long as the computer is turned off or your account remains logged out. However, the Recall database sits decrypted and exposed when you’re actively using the PC.
Beaumont’s Recall database containing several days’ worth of records amounted to just 90Kb, which could be uploaded by a malicious program almost instantly. He continues, “I have automated exfiltration, and made a website where you can upload a database and instantly search it. I am deliberately holding back technical details until Microsoft ship the feature as I want to give them time to do something.”
Luckily, Recall has not been rolled out to existing Windows installations, so you’re not at immediate risk. However, new Copilot Plus PCs may ship with the feature enabled by default, potentially opening up unsuspecting users to a new attack vector. The only silver lining is that you’ll be able to opt out of automatic snapshots from within the Settings app.