The new AI feature for Windows 11 puts your data on a silver platter for hackers

On May 20th, Microsoft introduced Recall, an exclusive feature of Copilot+ for PC. This promising tool gives the computer a “photographic memory,” allowing it to revisit any previously accessed application or file. However, despite Microsoft’s efforts to explain its functionality and privacy measures, some prominent voices in the industry are not convinced of its security.

Windows 11 DOWNLOAD

Kevin Beaumont, a cybersecurity expert, has published an article on Medium where he analyzes Recall in-depth and states that this feature makes stealing everything you have seen or written on your computer alarmingly easy. Although Beaumont finds the idea behind Recall interesting, he warns that the feature lacks “incredibly careful communication, cybersecurity, engineering, and implementation.”

The system works by taking screenshots of everything that happens on the computer every few seconds, processing them with OCR (optical character recognition), and storing them in a plain text (unformatted) database in the user’s folder. This means that, although the data is encrypted on the device, it is not immune to attacks if hackers obtain the user’s credentials. Beaumont emphasizes that “they have tried a lot of things, but none of them work correctly in the real world due to loopholes that a plane can pass through.”

In addition, Beaumont created a website able to process the Recall database and instantly search for anything in it, although he has decided to postpone the project until Microsoft improves the security of the feature. Beaumont points out that “the cyber community, in general, will have a lot of fun with this when it is widely available.”

One of the biggest issues with Recall is that it stores every user interaction, including text from applications, visited websites, and more, with some minor exceptions like Microsoft Edge’s InPrivate mode. Conventional data deletion does not remove them from Recall, as they remain in the database until manually overwritten.

Microsoft Defender, although effective in detecting malware, may not be enough to protect the Recall database before it was compromised. Beaumont recommends that Microsoft temporarily remove Recall and review its implementation. Currently, Recall is available in the Windows Insider program’s preview release channel, and its release is expected alongside the first PC Copilot+, such as the new Surface Pro and Surface Laptop.

Windows 11 DOWNLOAD