Windows Recall: Where Microsoft Went Wrong And How To Disable It For Now


Microsoft is pushing the boundaries of AI on computing machines with its new Copilot+ PCs championed by Arm processors hawked under Qualcomm's Snapdragon X line -- and soon by AMD and Intel, as well. The most ambitious of the new AI-driven features is Recall. Think of it as a photographic memory system for your PC: it takes a picture of your on-screen activity in five-second intervals, saves it locally, and then lets an AI analyze it. It's kind of like an OCR (Optical Character Recognition) tool, but on AI steroids.

The benefit? Let's say you were writing about a pasta recipe. You wrote a draft but had to delete a few paragraphs to adjust the word count. Now, you need that deleted information. Just launch Recall, go back to the timeline for when you were working on the draft, and look through the numerous pictures of your on-screen work progress for the exact moment where you wrote that now-deleted paragraph. You can even type whichever bits you remember, and Recall will do the job of scanning and finding the accurate (or approximate) match from your past PC activity.

It works with images in addition to text, which means you can also get visual matches. That's photographic memory for your computing convenience. Unfortunately, it may also be a goldmine for hackers to exploit, and security experts are legitimately concerned about it. Following expert outcry about privacy, Microsoft made some changes and put the public release on hold.

Safety Protocols And Ways To Disable Windows Recall


Microsoft says it built Recall with data safety and security in mind. For example, every snapshot that Recall captures is saved locally -- none of it is sent to cloud servers owned by Microsoft for any kind of analysis. This is made possible by deploying the AI locally, something Google does with its Gemini Nano AI model for Pixel 8 phones. Notably, Recall was enabled by default initially, but Microsoft changed that policy after criticism. In case you enabled it during setup, here's how to disable it:

  1. Settings > Privacy & Security > Recall & Snapshots > Save Snapshots > Disable toggle
  2. Settings > Privacy & Security > Recall & Snapshots > Delete Snapshots > Delete All

Users can also tell Recall to stop saving snapshots or pause it temporarily. For sensitive tasks, such as using banking websites, users can create exceptions and filters. Similar protections apply to apps, as well. Recall doesn't save snapshots when you are browsing the web in private or incognito mode, and it won't create snapshots of content that is protected by digital rights management (DRM).

Additionally, content saved by Recall is protected by encryption solutions like BitLocker or Device Encryption. Furthermore, if another user account is signed on to the same Windows account, Recall snapshots won't be accessible because they are now locked behind Windows Hello log-in and user presence for snapshot decryption.

Why Experts Are Concerned About Recall


James Forshaw, a security expert on Google's Project Zero team, published details in early June 2024 on a workaround that bypassed the need for admin privilege to access Recall data on a machine. Prior to that, ethical hacker Alex Hagenah created a proof-of-concept tool called TotalRecall capable of extracting a machine's entire Recall snapshot data.

Cybersecurity veteran Kevin Beaumont, who formerly worked as a Senior Threat Intelligence Analyst at Microsoft, detailed how he had exfiltrated his own Recall data using Copilot+ software on a machine without a dedicated AI chip. "They have tried to do a bunch of things but none of it actually works properly in the real world due to gaps you can drive a plane through," wrote Beaumont on May 31 in reference to Microsoft and its new feature. The biggest risk factor is that since Recall saves everything — including content you've deleted — hackers could even potentially steal snapshots of erased PC activity.

"During testing this with an off-the-shelf infostealer, I used Microsoft Defender for Endpoint — which detected the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone," he explained. The Information Commissioner's Office, which is the U.K.'s data watchdog, also quickly expressed concerns about the privacy implications. "We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy," the ICO said in a statement on May 22.

Microsoft's Response To Criticism


Following backlash, Microsoft announced on June 7, 2024, that Recall will be disabled by default, which means users will need to activate it during the opt-in setup process for saving snapshots. Additionally, Recall will be secured behind a Windows Hello log-in, which means the activity log won't be accessible without the right face, fingerprint, or PIN to unlock the machine. "In addition, proof of presence is also required to view your timeline and search in Recall," assures Microsoft.

Beyond that, Recall is putting faith in the security measures deployed by other companies on their respective websites and apps. "It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry," says Microsoft.

So, for example, if a banking website or app doesn't hide credentials behind dots or asterisks during the sign-in process, a snapshot of that sensitive information would be saved locally on a computer running Recall. Adolf Streda, Malware Researcher at Avast, tells SlashGear that to access that kind of granular data, hackers would usually have to deploy sophisticated tools like keyloggers and screen grabbers. Recall snapshots seemingly turn into a wholesale data market, and open new avenues for sextortion scams, as well. "All that remains for them is to figure out how to access Recall's storage or scam you into providing them access to it," notes Streda.

The Convenience Doesn't Come Without Risk


Nick Hyatt, Director of Threat Intelligence at Blackpoint Cyber, tells SlashGear that owing to the sheer convenience it offers at finding the information we lose track of, Recall is a lucrative feature addition. But Hyatt focuses on the encryption scenario for Recall, something Beaumont also highlighted in his research. When a person is using a machine, all the saved data is decrypted so that the user can access it -- it's only protected by encryption when the user is not logged in.

"At-rest encryption helps, for example, if you leave your laptop in a car and it's stolen out of the backseat. What this doesn't protect against is infostealer malware -- it's a trivial modification for adversaries to support Recall data," adds Hyatt. Moreover, the risks are not just personal, but can be damaging for a company, as well. He points to the risks of domestic abuse, where even deleted messages shared across platforms like WhatsApp and Signal could appear in the snapshots of PC activity captured by Recall.

"A categorized, searchable database of every activity conducted by a user could literally result in people dying should attempts to get help be discovered," Hyatt explains. On the topic of large-scale attack risks, he mentions companies that may adopt the AI feature. "I think Recall is a massive misstep by Microsoft and should be recalled, as the security risks outweigh any tangible real-world benefit," Hyatt tells us.

Meanwhile, Nate Warfield, Director of Threat Research & Intelligence at Eclypsium, notes that the repercussions of such a risk are "near impossible to comprehend." By utilizing the AI feature, these companies would not only give a bad actor access to valuable data in real time, but also a massive log of past activity.

Cyberattack Threats May Evolve To Target The Feature


A majority of experts who talked to SlashGear highlighted the threat posed by infostealing malware and how bad actors would simply adapt their tools to deal with Recall firewalls. Josh Amishav, CEO at Breachsense, tells SlashGear that there may be secondary vulnerabilities that can be weaponized to get past the encryption. "Infostealers are already capable of storing screenshots, and incorporating OCR (optical character recognition) to extract sensitive data from these images could become increasingly common," he tells us.

Microsoft notes that Recall can be disabled by users who could also adjust its activity temporarily. So far, we have not seen any verified jailbreak demonstrations, but in the past, depending on the status of local remote control options and registry setups, hackers have been able to disable system shields remotely. Microsoft's Recall could be another addition to the list, Amishav warns. "Another important issue is that even if a user disables Recall, attackers can re-enable it through PowerShell, leading to unauthorized surveillance," says the Breachsense founder.
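
A defender-side check for the disable steps and the re-enable concern above, as an added example that is not from the article or from Microsoft: it reads the Windows policy value `DisableAIDataAnalysis` (the "Turn off saving snapshots for Windows" policy) in the machine and user hives and reports whether snapshot saving is blocked by policy rather than only by the Settings toggle. The function names are illustrative, and the script assumes a Windows build that honors this policy.

```powershell
# Added example (not from the article): audit the policy that turns off Recall snapshot saving.
# DisableAIDataAnalysis = 1 under the WindowsAI policy key means saving snapshots is off by policy.
$PolicySubKey = 'SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$ValueName    = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # Illustrative helper: one result per hive (machine-wide and current user).
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$PolicySubKey"
        $value = $null
        if (Test-Path -Path $path) {
            # A missing value yields $null instead of an error.
            $value = (Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Hive     = $hive
            Path     = $path
            Value    = $value
            Enforced = ($value -eq 1)
        }
    }
}

function Set-RecallPolicyDisabled {
    # Illustrative helper: writes the policy value; HKLM needs an elevated session.
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive = 'HKLM')
    $path = "${Hive}:\$PolicySubKey"
    if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $ValueName -Value 1 -PropertyType DWord -Force | Out-Null
}

$state = Get-RecallPolicyState
$state | Format-Table -AutoSize

if (-not ($state | Where-Object Enforced)) {
    # Without the policy, the Settings toggle is the only control and can be flipped back.
    Write-Warning 'No policy turns off snapshot saving on this machine.'
    # To enforce, run from an elevated prompt:
    # Set-RecallPolicyDisabled -Hive HKLM
}
```

Running the audit on a schedule and alerting when `Enforced` changes from true to false gives a signal that the setting was altered after it was locked down.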

On the point of Microsoft putting the onus of safety on users and third-party websites, there is still an inherent problem at play. "While modern computing systems generally hide credentials input into a login form, the systems behind the login form, including any sensitive information they contain, will be preserved by Recall," Eclypsium's Warfield tells SlashGear. He also points at the history of Microsoft, noting that despite all the positive efforts the company has made over the years, "every single one of their security controls has had vulnerabilities and bypasses."

Read the original article on SlashGear.
