In response to significant security concerns raised by cybersecurity experts and the public, summarized in our article here, Microsoft has announced that the controversial Recall feature in its new Copilot+ PCs will be opt-in.
This update comes ahead of the June 18 launch and addresses vulnerabilities highlighted in recent research.
Double-edged sword
The Recall feature, exclusive to Copilot+ PCs, aims to boost productivity by creating an explorable visual timeline of everything displayed on the user’s screen. These snapshots are stored locally and analyzed using on-device AI. However, cybersecurity researchers previously demonstrated how this feature could be exploited to steal unencrypted data, raising alarm bells within the tech community.
Kevin Beaumont’s investigation revealed critical vulnerabilities in the Recall feature, summarized as follows:
- Local Storage Risks: Although Microsoft claims the data is encrypted, it is decrypted when a user is logged in, making it accessible to malicious software.
- Ease of Data Theft: InfoStealer trojans can be easily adapted to extract data from the Recall database.
- Inadequate User Control: Users do not need administrative privileges to access the database, exacerbating security risks.
- Sensitive Data Exposure: Recall captures all screen content, including passwords and financial information, posing significant privacy threats.
Beaumont’s demonstration showed that a simple script could extract months’ worth of data in seconds, highlighting the potential for large-scale data breaches.
Microsoft’s response
In light of these findings, Microsoft has taken several steps to improve the security and privacy of the Recall feature:
- Opt-In Requirement: Users must now proactively choose to enable Recall. By default, it will be off, addressing one of the primary concerns regarding involuntary data capture.
- Windows Hello Enrollment: Enabling Recall requires Windows Hello enrollment, and proof of presence is necessary to view the timeline and search in Recall, adding an extra layer of security.
- Enhanced Data Protection: Microsoft has implemented “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS). Snapshots are only decrypted when the user authenticates, ensuring data is inaccessible without proper credentials.
Microsoft
All Copilot+ PCs will be Secured-core PCs, which include advanced firmware safeguards and dynamic root-of-trust measurement. Additionally, the Microsoft Pluton security processor will be enabled by default, providing chip-to-cloud security to protect credentials, identities, personal data, and encryption keys.
To maintain user trust, Microsoft has designed Recall with fine-grained controls allowing the pausing, filtering, and deletion of snapshots at any time. The system keeps those snapshots at local storage with no cloud involvement, and they are not shared with Microsoft or any other entity.
While Microsoft has made significant strides in addressing security concerns, users and organizations should remain vigilant and ensure they’re using a safe configuration per their security needs.