Windows Recall: Where Microsoft Went Wrong And How To Disable It For Now
Microsoft is pushing the boundaries of AI on personal computers with its new Copilot+ PCs, which launch on Arm processors sold under Qualcomm's Snapdragon X line, with AMD and Intel versions to follow. The most ambitious of the new AI-driven features is Recall. Think of it as a photographic memory system for your PC: it takes a picture of your on-screen activity in five-second intervals, saves it locally, and then lets an AI analyze it. It's kind of like an OCR (Optical Character Recognition) tool, but on AI steroids.
The benefit? Let's say you were writing about a pasta recipe. You wrote a draft but had to delete a few paragraphs to adjust the word count. Now, you need that deleted information. Just launch Recall, go back to the timeline for when you were working on the draft, and look through the numerous pictures of your on-screen work progress for the exact moment where you wrote that now-deleted paragraph. You can even type whichever bits you remember, and Recall will do the job of scanning and finding the accurate (or approximate) match from your past PC activity.
It works with images in addition to text, which means you can also get visual matches. That's photographic memory for your computing convenience. Unfortunately, it may also be a goldmine for hackers to exploit, and security experts are legitimately concerned about it. Following expert outcry about privacy, Microsoft made some changes and put the public release on hold.
Safety protocols and ways to disable Windows Recall
Microsoft says it built Recall with data safety and security in mind. For example, every snapshot that Recall captures is saved locally — none of it is sent to cloud servers owned by Microsoft for any kind of analysis. This is made possible by deploying the AI locally, something Google does with its Gemini Nano AI model for Pixel 8 phones. Notably, Recall was enabled by default initially, but Microsoft changed that policy after criticism. In case you enabled it during setup, here's how to disable it:
- Settings > Privacy & Security > Recall & Snapshots > Save Snapshots > Disable toggle
- Settings > Privacy & Security > Recall & Snapshots > Delete Snapshots > Delete All
Users can also tell Recall to stop saving snapshots or put a temporary pause on it. For sensitive tasks, such as using banking websites, users can create exceptions and filters. Similar protections apply to apps, as well. Recall doesn't save snapshots when you are browsing the web in private or incognito mode, and it won't create snapshots of content that is protected by digital rights management (DRM).
Additionally, content saved by Recall is protected by encryption solutions like BitLocker or Device Encryption. Furthermore, if another user account is signed in on the same Windows PC, Recall snapshots won't be accessible to it because they are now locked behind Windows Hello log-in and user presence for snapshot decryption.
Why experts are concerned about Recall
James Forshaw, a security expert on Google's Project Zero team, published details in early June 2024 on a workaround that bypassed the need for admin privilege to access Recall data on a machine. Prior to that, ethical hacker Alex Hagenah created a proof-of-concept tool called TotalRecall capable of extracting a machine's entire Recall snapshot data.
Cybersecurity veteran Kevin Beaumont, who formerly worked as a Senior Threat Intelligence Analyst at Microsoft, detailed how he had exfiltrated his own Recall data using Copilot+ software on a machine without a dedicated AI chip. "They have tried to do a bunch of things but none of it actually works properly in the real world due to gaps you can drive a plane through," wrote Beaumont on May 31 in reference to Microsoft and its new feature. The biggest risk factor is that since Recall saves everything — including content you've deleted — hackers could even potentially steal snapshots of erased PC activity.
"During testing this with an off-the-shelf infostealer, I used Microsoft Defender for Endpoint — which detected the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone," he explained. The Information Commissioner's Office, which is the U.K.'s data watchdog, also quickly expressed concerns about the privacy implications. "We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy," the ICO said in a statement on May 22.
Microsoft's response to criticism
Following backlash, Microsoft announced on June 7, 2024, that Recall will be disabled by default, which means users will need to activate it during the opt-in setup process for saving snapshots. Additionally, Recall will be secured behind a Windows Hello log-in, which means the activity log won't be accessible without the right face, fingerprint, or PIN to unlock the machine. "In addition, proof of presence is also required to view your timeline and search in Recall," assures Microsoft.
Beyond that, Recall is putting faith in the security measures deployed by other companies on their respective websites and apps. "It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry," says Microsoft.
So, for example, if a banking website or app doesn't hide credentials behind dots or asterisks during the sign-in process, a snapshot of that sensitive information would be saved locally on a computer running Recall. Adolf Streda, Malware Researcher at Avast, tells SlashGear that to access that kind of granular data, hackers would usually have to deploy sophisticated tools like keyloggers and screen grabbers. Recall snapshots seemingly turn into a wholesale data market, and open new avenues for sextortion scams, as well. "All that remains for them is to figure out how to access Recall's storage or scam you into providing them access to it," notes Streda.
The convenience doesn't come without risk
Nick Hyatt, Director of Threat Intelligence at Blackpoint Cyber, tells SlashGear that owing to the sheer convenience it offers at finding the information we lose track of, Recall is a lucrative feature addition. But Hyatt focuses on the encryption scenario for Recall, something Beaumont also highlighted in his research. When a person is using a machine, all the saved data is decrypted so that the user can access it — it's only protected by encryption when the user is not logged in.
"At-rest encryption helps, for example, if you leave your laptop in a car and it's stolen out of the backseat. What this doesn't protect against is infostealer malware — it's a trivial modification for adversaries to support Recall data," adds Hyatt. Moreover, the risks are not just personal, but can be damaging for a company, as well. He points to the risks of domestic abuse, where even deleted messages shared across platforms like WhatsApp and Signal could appear in the snapshots of PC activity captured by Recall.
"A categorized, searchable database of every activity conducted by a user could literally result in people dying should attempts to get help be discovered," Hyatt explains. On the topic of large-scale attack risks, he mentions companies that may adopt the AI feature. "I think Recall is a massive misstep by Microsoft and should be recalled, as the security risks outweigh any tangible real-world benefit," Hyatt tells us.
Meanwhile, Nate Warfield, Director of Threat Research & Intelligence at Eclypsium, notes that the repercussions of such a risk are "near impossible to comprehend." By utilizing the AI feature, these companies would not only give a bad actor access to valuable data in real time, but also a massive log of past activity.
Cyberattack threats may evolve to target the feature
A majority of experts who talked to SlashGear highlighted the threat posed by infostealing malware and how bad actors would simply adapt their tools to deal with Recall's protections. Josh Amishav, CEO at Breachsense, tells SlashGear that there may be secondary vulnerabilities that can be weaponized to get past the encryption. "Infostealers are already capable of storing screenshots, and incorporating OCR (optical character recognition) to extract sensitive data from these images could become increasingly common," he tells us.
Microsoft notes that Recall can be disabled by users who could also adjust its activity temporarily. So far, we have not seen any verified jailbreak demonstrations, but in the past, depending on the status of local remote control options and registry setups, hackers have been able to disable system shields remotely. Microsoft's Recall could be another addition to the list, Amishav warns. "Another important issue is that even if a user disables Recall, attackers can re-enable it through PowerShell, leading to unauthorized surveillance," says the Breachsense founder.
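For administrators, the Settings toggle described earlier and the re-enablement concern above both point to the same check: confirm that Recall is turned off by policy rather than by a per-user switch, and re-run the check to catch drift. The script below is an added example, not code from the article or from Microsoft; the registry key, the value name `DisableAIDataAnalysis` and the optional feature name `Recall` are assumptions taken from Microsoft's Recall management documentation and should be verified against the Windows build in use.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
# Assumed identifiers (from Microsoft's Recall management docs, not this page):
#   policy key    SOFTWARE\Policies\Microsoft\Windows\WindowsAI
#   policy value  DisableAIDataAnalysis (DWORD 1 = snapshot saving off)
#   optional feature name  Recall
param([switch]$Enforce)

$policySubKey = 'SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$valueName    = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $path = "${Hive}:\$policySubKey"
    $item = Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Hive     = $Hive
        Value    = if ($item) { $item.$valueName } else { $null }
        Disabled = [bool]($item -and $item.$valueName -eq 1)
    }
}

function Set-RecallPolicyDisabled {
    param([string]$Hive)
    $path = "${Hive}:\$policySubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $valueName -Value 1 -PropertyType DWord -Force | Out-Null
}

# HKCU here is the hive of the account running the script, not every user on the PC.
$report = foreach ($hive in 'HKLM', 'HKCU') { Get-RecallPolicyState -Hive $hive }

# The feature lookup fails on builds that do not ship Recall; treat that as absent.
$featureState = try { [string](Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop).State } catch { 'NotPresent' }

$report | Format-Table -AutoSize | Out-String
"Recall optional feature: $featureState"

$drift = @($report | Where-Object { -not $_.Disabled })
if ($drift.Count -gt 0 -or $featureState -eq 'Enabled') {
    Write-Warning 'Recall is not fully disabled by policy on this machine.'
    if ($Enforce) {
        foreach ($entry in $drift) { Set-RecallPolicyDisabled -Hive $entry.Hive }
        if ($featureState -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName 'Recall' -NoRestart | Out-Null
        }
        'Policy value written; re-run without -Enforce to confirm.'
    }
}
```

Run without arguments it only reports; scheduling the report-only form and alerting on the warning gives a simple signal that the setting was changed after it was locked down.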
On the point of Microsoft putting the onus of safety on users and third-party websites, there is still an inherent problem at play. "While modern computing systems generally hide credentials input into a login form, the systems behind the login form, including any sensitive information they contain, will be preserved by Recall," Eclypsium's Warfield tells SlashGear. He also points at the history of Microsoft, noting that despite all the positive efforts the company has made over the years, "every single one of their security controls has had vulnerabilities and bypasses."