Microsoft's Recall feature recently returned to Windows Insider builds after being pulled from beta testing back in June due to security and privacy concerns. The new version of Recall encrypts the screens it captures and has the “Filter Sensitive Information” setting enabled by default, which should prevent it from recording anything that shows credit card numbers, Social Security numbers, or other important financial or personal information. However, in my testing, this filter only worked in some cases (on two e-commerce sites), leaving a gaping hole in its promised protection.
When I entered a credit card number and a random username/password into a Windows Notepad window, Recall captured it, even though the text “Capital One Visa” appeared right next to the number. Likewise, when I filled out a loan application PDF in Microsoft Edge, typing in a Social Security number, name and date of birth, Recall captured that too. (Please note that all information in these screenshots is fictitious.)
I also created my own HTML page containing a web form that clearly said “Enter your credit card number below.” The form had fields for credit card type, number, CVC, and expiration date. I thought this might trigger Recall's filter, but the software captured an image of the form I had filled out, credit card information included.
On the bright side, Recall refused to capture the credit card field when I visited the payment pages of both the Pimoroni and Adafruit online stores. In both cases, it only captured the screen before and after the credit card entry form, or the form while it was still blank.
So, when it comes to the real-world business websites I visited, Recall was right on target. However, my experiments proved that it is almost impossible for Microsoft’s AI filters to identify every situation where sensitive information appears on the screen and avoid capturing it. My examples were intended to test the filter, but they are not edge cases. Real people do put sensitive personal information into PDF forms. They write things down or copy and paste them into Word files, and they type them into sites that don’t look like typical shopping sites.
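Microsoft has not published how its filter decides what to skip, and the tests above suggest it keys on page context (checkout pages) more than on what is actually on screen. As an added example, not code from this article or from Microsoft, here is a small content-based check of the kind a filter would need in order to catch the Notepad and PDF cases: it scans the text visible in a snapshot for payment card numbers (validated with the Luhn checksum) and US Social Security numbers, and returns whether the snapshot should be suppressed. The three sample snapshot texts are constructed, and the numbers in them are constructed test values, not real accounts.

```python
import re

# Runs of digits optionally separated by spaces or dashes (how card numbers are typed).
DIGIT_RUN_RE = re.compile(r"\d(?:[ -]?\d)+")
# US Social Security number in the usual 3-2-4 layout.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSNs the SSA never issues (area 000/666/9xx, group 00, serial 0000)."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def find_card_numbers(text: str) -> list:
    """Return Luhn-valid 13-19 digit sequences, searching windows inside longer digit runs."""
    found = []
    for m in DIGIT_RUN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if len(digits) < 13:
            continue
        hit = None
        for n in range(min(19, len(digits)), 12, -1):   # prefer the longest match
            for start in range(len(digits) - n + 1):
                cand = digits[start:start + n]
                if luhn_ok(cand):
                    hit = cand
                    break
            if hit:
                break
        if hit:
            found.append(hit)
    return found


def find_sensitive(text: str) -> list:
    """Return (kind, value) findings for text captured from a screen."""
    findings = [("card", c) for c in find_card_numbers(text)]
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", m.group()))
    return findings


def should_suppress_snapshot(text: str) -> bool:
    """Content-based decision: drop the snapshot if anything sensitive is visible."""
    return bool(find_sensitive(text))


# Constructed sample texts standing in for OCR output of three snapshots.
NOTEPAD_TEXT = "Capital One Visa 4111 1111 1111 1111 exp 09/27\nuser: jdoe  pw: hunter2\n"
LOAN_PDF_TEXT = "Name: Jane Doe   DOB: 01/02/1980   SSN: 078-05-1120\n"
BENIGN_TEXT = "Order #1234567890123 shipped via courier, tracking 555-0100.\n"

if __name__ == "__main__":
    for label, text in (("notepad", NOTEPAD_TEXT), ("loan pdf", LOAN_PDF_TEXT), ("benign", BENIGN_TEXT)):
        print(label, "suppress" if should_suppress_snapshot(text) else "keep", find_sensitive(text))
```

The Luhn check is what keeps the 13-digit order number in the benign sample from being flagged, while the Notepad and loan-form samples are suppressed on content alone, with no knowledge of which application or website produced them. Passwords have no checkable structure, so a real filter would still need the context signals (form field types, page labels) that this snippet deliberately leaves out.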
I reached out to Microsoft for comment, and the company responded by pointing me to parts of its blog post about the Recall preview, which states:
“We have updated Recall to detect sensitive information such as credit card details, passwords and PINs. When detected, Recall does not store or save these snapshots. We will continue to improve this feature, and if you find sensitive information that should be filtered out for your context, language, or location, please let us know via the Feedback Center. We also provide an option in Settings that we encourage you to enable that will anonymously share the information you wish to avoid, to help us improve our products.”
As a result, the company promises that Recall will get better at filtering sensitive information over time. But how much it will improve, and how many vulnerabilities will remain, is an open question.
How Recall works
Recall’s purpose is to provide a searchable memory of all your computer activity, becoming your one-stop digital memory. To do that, the feature, which is only available on Copilot+ PCs, takes screenshots of everything you do on your PC, arranges those images in a timeline, and makes them searchable using natural-language search. If you forget which website you visited when you were considering buying a red sofa, you can search for “sofa” and it should bring up a picture of the exact page you visited. Because it’s powered by AI, it can also read the text in the images and let you copy it.
The problem with Recall is that it keeps a digital record of everything you do, which bad actors could discover regardless of the security around it. When Recall first appeared in Insider builds last spring, researchers noticed that it did not encrypt the screenshots it captured and stored its database in plain text. In response to the negative media attention, the company withdrew Recall from Insider builds and promised to bring it back only with security upgrades.
The new version of Recall is opt-in instead of opt-out: I received a prompt to enable Recall immediately after installing the Insider build. After updating my laptop, a pop-up message appeared as soon as I restarted it.
Recall has a “sensitive information filter” that’s enabled by default, and it appears to actually be encrypting the data it captures. It also requires you to log in using Windows Hello every time you open the Timeline-like Recall app.
While I couldn’t immediately tell how strong the encryption is, I did try to open both the database file and the screenshot files, and both attempts failed. The database file appears to be named ukg.db (the same name it had in the spring Recall release), and it is located in the C:\users\[your username]\AppData\Local\CoreAIPlatform.00\UKP\{some number} folder. This spring, when it was unencrypted, researchers were able to open the file and read its data with an application called DB Browser (SQLite). Now, however, I can’t open it.
The screenshots appear to be files in a subfolder called AsymStore. I can’t open them either; I tried opening them as PNG, BMP or JPG. Maybe a hacker will figure out how to open these files, but as far as I know, typical users can’t open them outside of the Recall app.
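A quick way to check whether those files are really opaque, rather than a plaintext database or image that some other tool could still open, is to look at their leading bytes and their byte distribution. This is an added example, not code from the article and not anything Microsoft ships; it is a generic check that assumes nothing about Recall's file layout beyond the paths named above. It recognizes the SQLite, PNG, JPEG and BMP file signatures, and when none matches it estimates Shannon entropy, since encrypted (or compressed) data looks close to uniformly random. The sample byte strings at the bottom are constructed.

```python
import math
from collections import Counter

# Leading bytes (magic numbers) of the formats a plaintext store would use.
SIGNATURES = {
    "sqlite3": b"SQLite format 3\x00",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "bmp": b"BM",
}
SAMPLE_BYTES = 4096          # how much of each file to examine
HIGH_ENTROPY = 7.5           # bits per byte; uniformly random data scores 8.0


def identify_signature(data: bytes) -> str:
    """Return the format whose magic bytes start the data, or '' if none match."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return ""


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given sample."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """'plaintext:<format>' for a recognized header, 'opaque:high-entropy' for
    random-looking data (encrypted or compressed), otherwise 'unknown'."""
    fmt = identify_signature(data[:16])
    if fmt:
        return f"plaintext:{fmt}"
    if shannon_entropy(data[:SAMPLE_BYTES]) >= HIGH_ENTROPY:
        return "opaque:high-entropy"
    return "unknown"


def classify_file(path: str) -> str:
    """Classify a file on disk by reading only its first SAMPLE_BYTES bytes."""
    with open(path, "rb") as f:
        return classify(f.read(SAMPLE_BYTES))


# Constructed samples: a SQLite header padded to a page, a PNG header, a uniform
# byte distribution standing in for ciphertext, and an all-zero block.
PLAINTEXT_DB = SIGNATURES["sqlite3"] + b"\x00" * 4080
PLAINTEXT_PNG = SIGNATURES["png"] + b"\x00\x00\x00\rIHDR"
CIPHERTEXT_LIKE = bytes(range(256)) * 16
ZERO_BLOCK = b"\x00" * 4096

if __name__ == "__main__":
    import sys
    # Usage: python check_store.py <path to ukg.db or a file under AsymStore>
    for p in sys.argv[1:]:
        print(p, classify_file(p))
    for name, blob in (("db", PLAINTEXT_DB), ("png", PLAINTEXT_PNG),
                       ("random", CIPHERTEXT_LIKE), ("zeros", ZERO_BLOCK)):
        print(name, classify(blob))
```

A result of plaintext:sqlite3 on ukg.db would mean the spring-era DB Browser approach still works; an opaque result is consistent with encryption but does not prove it, because compressed image formats without a recognized header are just as high-entropy, so the check tells you what a casual tool can read, not what the cipher is.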
The only way I can view Recall screenshots is to search or browse my timeline in the Recall app. Every time I open the Recall app, I’m asked to log in with my Windows Hello face. When I first opened the app, it insisted that I set up Windows Hello biometric login using my face or fingerprint. However, Windows Hello also lets me log in using a 4-digit PIN.
So if a bad actor has access to your computer and knows your PIN, they can bypass the biometric check to view Recall. They don’t even need physical access to the computer: I was able to access the Recall app and view the timeline on a remote computer using the popular remote access application TeamViewer.
You might argue that others probably won’t be able to access your desktop remotely without your permission. You can also take solace in the fact that Recall appears to filter shopping pages out of its captures (at least in the instances I tested). But with the right combination of circumstances, anything from your Social Security number to the username and password you use for email could be harvested by hackers.