Windows: Microsoft's "improved" Recall continues to record sensitive information

Posted on 2024-12-13 by guenni

Stop - Pixabay[German]Recall was withdrawn by Microsoft in summer 2024 due to serious security flaws. Now Microsoft is in the process of rolling out its "and really secure" version of Recall, which has been revised over months, to Windows Insiders again. What could possibly go wrong? Testers were surprised to discover that the new Recall is a nightmare. Despite the appropriate setting, confidential documents with credit card data etc. are also recorded. Oh what a surprise …

Advertising

Recall, a brief historical review

Recall is a Windows feature that can constantly take screenshots of the user's screen and use them in a generative AI model to process the data and make it searchable. Microsoft's promise was that the user would only have to type in a keyword to find out when they had done something or where the documents with this keyword could be found on their computer.

The first version of Recall was released by Microsoft in the summer of 2024. Security researchers tore the concept apart and Microsoft was forced to withdraw Recall and fundamentally revise it. I took up the whole thing in the article Copilot+AI: Recall, a security disaster – AI-assisted theft.

Originally, the release of Recall in Windows 11 24H2 was planned for October 2024. After the withdrawal, Recall was said to come later – at the beginning of September 2024, Recall was rolled out via an update in Windows 11 24H2 (see Windows 11 24H2: Update KB5041865 ships Recall), but then withdrawn again at the last moment.

In the article Windows 11: Recall is delayed it was said that Recall would be available as a preview for Windows Insiders on Copilot+PCs in December 2024. I recently reported on the availability for Windows Insiders on Copilot+PCs in the article Recall is back for Windows Insiders on Copilot+PCs. The version for AMD and Intel processors was released recently.

Tests reveal new disaster

The big fear is that confidential information will be unintentionally recorded by Recall and then misused by third parties or malware at some point – Recall is a built-in bug that is constantly looking over the user's shoulder. Microsoft has described in detail in various blog posts how well Recall's recordings are protected from third parties and that the user has control over what data is recorded. Testers have now had the opportunity to take a closer look at the revised Recall in the Windows Insider Previews for Copilot+PCs.

Advertising

Microsoft Recall

I came across the article Microsoft Recall screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled from Tom's Hardware (as well as other articles, a discussion can be found here). The tester had the opportunity to test Recall as a Windows Insider on appropriately equipped machines (Copilot+PC).

The new version of Recall encrypts the captured screens and Microsoft has enabled the "Filter sensitive information" setting by default. This option is generally understood to prevent Recall from capturing and recording sensitive information such as credit card numbers, social security numbers or other important financial/personal information in apps or websites. This would still be protected from all too obvious misuse with Windows Hello and encryption. But what is recorded is exposed to the latent risk of the information falling into the hands of "unauthorized persons".

The author of Tom's Hardware did a test and found that this filter only worked in some situations (he was able to confirm filtering on two e-commerce websites). However, when the tester entered a credit card number and a random username/password into a Windows Notepad window, Recall captured this data. And this despite the fact that he had entered text such as "Capital One Visa" right next to the numbers, he writes. Well, that's a "crude case".

But the situation was similar when the man filled out a PDF loan application in Microsoft Edge, entering his social security number, name and date of birth. This is already very sensitive information and the filter should have been activated.

The tester then also created a separate HTML page with a web form that explicitly stated: "Enter your credit card number below". The form contained fields for credit card type, number, CVC and expiration date. Recall should have blocked this form in the record. But the software captured an image of the completed form with the credit card information.

In other words, Microsoft's promises about Recall are (so far) smoke and mirrors – there is a gaping hole in the promised "data" protection. Well, it's just software that fails, there's nothing you can do. It's still an Insider Preview, so you shouldn't overestimate it. Recall will be really good if Microsoft tweaks it a little.

The author of the article then asked Microsoft and was referred to the blog post on the preview of Recall, where it says:

"We've updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers. When detected, Recall won't save or store those snapshots. We'll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub. We've also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product."

Deactivate Copilot and Recall in O&O ShutUp10

By chance I received an email from a blog reader yesterday (thanks for that) who pointed out to me that the latest version of the tool O&O ShutUp10 offers to deactivate Recall and Copilot. This also works with Windows 10 Home or Pro.

Copilot und Recall in O&O ShutUp10 deaktivieren
Disable Copilot and Recall in O&O ShutUp10, Click to zoom

The reader sent me the above screenshot. I'm not a big fan of the above tool (too often people have had collateral damage, and in the past they have posted in Microsoft Answers forums with calls for help). But for the private sector, the tool can be a help in the above context to prevent copilot and recall. However, I still hope that Recall will still have to be explicitly downloaded and installed as a Store application (see Windows 10/11: Copilot as a native app for Windows Insiders).

Similar articles:
Copilot+AI: Recall, a security disaster – AI-assisted theft
Microsoft improves AI feature Recall and adds "security measures" – is that enough?
Windows 11 Copilot+PC will be released without recall
Windows 11: Recall to get a second chance, coming in October 2024 as a preview for Insiders
Windows 11 24H2: Update KB5041865 ships Recall
Microsoft explains Windows 11 Recall in a revised version
Microsoft's AI PC with Copilot – some thoughts – Part 1
Windows 11 24H2: Recall can't be uninstalled; and "poor mans recall" found
Windows 11: Recall is delayed …
Recall is back for Windows Insiders on Copilot+PCs
Windows 10/11: Copilot as a native app for Windows Insiders

Advertising
This entry was posted in ios, Security, Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).