Microsoft enhanced Recall security, but will it be enough?

After a rocky announcement and repeated delays, Microsoft Copilot's new Recall feature is finally rolling out with security enhancements that experts say are promising but might not address all concerns.

On Friday, Microsoft announced that its preview release of Recall, a controversial tool announced in May as a feature of the company's range of AI-powered Copilot+ PCs, would be expanded beyond Snapdragon-powered Copilot+ PCs to include Windows Insiders on AMD- and Intel-powered devices. Recall takes screen captures to remember what the user has seen on their Copilot+ PC, and then enables them to use natural language commands to "recall" requested documents, files, websites and more.

This brought immediate security and privacy concerns, with critics taking issue with the tool's keylogger-style functionality and potential susceptibility to AI-focused cyberattacks such as prompt injections. Security researcher Alexander Hagenah developed a tool called TotalRecall, which, according to its GitHub page, "extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots." Longtime security researcher Kevin Beaumont, a former Microsoft senior threat intelligence analyst, described Recall as a "disaster" in a May Medium post.

In response to the waves of criticism and concerns, Microsoft shifted its plans for Recall's release several times over the last six months. The feature was originally planned to launch in a broad preview on Copilot+ PCs in June, but the company later announced that the preview would be for Windows Insider Program members "in the coming weeks."

In August, Microsoft announced that Recall would be available for Windows Insiders starting in October. However, the Windows Insiders preview was delayed yet again and pushed to December. Then, on Nov. 22, Microsoft released a Windows Insider build for Snapdragon-powered Copilot+ PCs with Windows 11 installed that includes a preview version of Recall. And as stated, AMD and Intel chips were added to this rollout on Dec. 6.

In late September, Microsoft reintroduced Recall with new security and privacy enhancements. Originally presented as an on-by-default feature, Recall is now an opt-in feature. In a Sept. 27 blog post, Microsoft said sensitive data in Recall is encrypted, snapshot-related data is isolated and stored locally, and users have significant control over how and when data in Recall is stored. Microsoft has said Recall's delays and improvements reflect the company's security-first mindset as presented in its Secure Future Initiative expansion announced this spring.

Security and privacy experts said some concerns still remain, even though the announced security enhancements are promising.

Thorin Klosowski, security and privacy activist with civil liberties nonprofit Electronic Frontier Foundation, said the announcement of Recall sparked a conversation about what it means for data to be stored on-device, and how much trust one wants to put in a company when it says that. He also said privacy concerns were twofold -- not only Recall providing an attack surface, but also potential privacy issues if a parent or partner accesses the computer. "It was just a disaster of a direction," he said.

Klosowski said Recall's security updates changed his feelings somewhat, but several concerns remain.

"I think that if it is something that people are choosing to use and turn on, then that's fine. No one's going to complain about someone choosing to buy or download extra software that does the same thing," Klosowski said. "It's more about ensuring that people know what is being captured. And I'm curious to see if there's any sort of notification or acknowledgement that it's on a PC -- if it's a shared computer, especially. I think that is going to matter a little bit, especially for people that share a family computer, or however that might work."

Klosowski further raised that because Recall is limited to only Copilot+ PCs during the initial Windows Insider preview, it is hard to tell how many users will opt in or even have the ability to opt in.

Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, said Microsoft's improvements are significant, but time will tell if they will be enough. One of the best features, he said, is binding Recall to the Trusted Platform Module, which encrypts the keys needed to access necessary data. He also appreciates the ability to exempt certain applications from Recall, as well as the ability to remove it entirely.

"To me, the best feature is the ability to uninstall it," Childs said. "There are still many unresolved questions around Recall, and giving the end user the option to not deal with that level of attack surface is welcome. I'm never a fan of [nonremovable] features as they tend to introduce uncontrollable risk."

Alessandro Acquisti, the Trustees Professor of Information Technology and Public Policy at Carnegie Mellon University's Heinz College as well as a researcher of privacy and information security, said Microsoft's update did address some privacy concerns with the Recall feature, but there are still some areas of concern.

"Storing so much information while making it so easily retrievable through AI will inevitably create unexpected edge cases (consider a scenario in which different members of a family share the same Windows login for their respective personal activities, but forget about the Recall feature)," he wrote in an email to Informa TechTarget Editorial. "And, of course, Recall data will remain private only to the extent that the system will remain secure. So, the probability of a successful attack (e.g., unauthorized access to the data) has decreased, but the potential damage, conditional on a successful attack, is still there."

Trellix Public Sector CTO Karan Sondhi agreed with sentiments that Microsoft's improvements reduce the potential attack surface for general consumers, but expressed concern with "highly regulated industries" such as defense and intelligence where the threat landscape is more sophisticated.

"For example, an attacker might exploit a zero-day vulnerability in the isolation mechanism to perform a side-channel attack, potentially inferring sensitive information despite the safeguards," he said. "To further limit the attack surface, I recommend implementing additional measures such as enhanced encryption protocols, manual controls over sensitive data classification, and comprehensive auditing and logging capabilities. This awareness of potential risks will help us all be better prepared."

Sondhi said that in a hypothetical scenario, an insider threat could potentially exploit Recall to exfiltrate classified information, under the assumption that "the enhanced security measures would conceal their actions." As such, Sondhi advised organizations to integrate strict access controls, provide user training and establish continuous monitoring.

Informa TechTarget Editorial contacted Microsoft for additional information, but the company did not respond at press time.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.