Microsoft announced that an AI feature on new PCs that captures screenshots and enables searching of user activity will be off by default after security experts discovered that attackers could access the underlying data.
The Recall feature was one of the main capabilities Microsoft showcased during a press briefing last month for upcoming Copilot+ PCs with AI computing power onboard.
“If you don’t proactively choose to turn it on, it will be off by default,” Pavan Davuluri, Microsoft’s head of Windows and Surface devices, wrote in a blog post on Friday.
Microsoft has been trying to balance competing interests as it integrates new generative AI tools into its products while keeping up with the competition. The market is evolving rapidly, and user privacy and security are under intense scrutiny. A U.S. government review board recently criticized Microsoft’s handling of China’s breach of U.S. government officials’ email accounts.
Microsoft has already added the Copilot conversational chatbot to Windows, resembling OpenAI’s popular ChatGPT. Both ChatGPT and Copilot rely on cloud servers to perform necessary computations and then send back responses to PCs. Recall is different in that it stores data on users’ computers and doesn’t need to access additional computing power over the internet.
Satya Nadella, Microsoft’s CEO, directed employees to prioritize security and announced changes to its security practices following the U.S. government report.
After Microsoft announced Recall, which can search through a log of previous actions on PCs, industry experts began questioning the potential for hackers to retrieve users’ information.
Security practitioners released software called Total Recall that displays data collected by Recall.
“Windows Recall stores everything locally in an unencrypted SQLite database, and the screenshots are simply saved in a folder on your PC,” they wrote in a description of Total Recall on GitHub. They expressed concern about attackers developing tools that can search for usernames and passwords contained in Recall screenshots.
Microsoft is adding security protections to Recall in addition to requiring users to manually enable it once Copilot+ PCs become available on June 18. The search index database will be encrypted, Microsoft said.
“Windows Hello enrollment is required to enable Recall,” Davuluri wrote. “In addition, proof of presence is also required to view your timeline and search in Recall.”
With Windows Hello, users prove their identity by entering a PIN, showing their face to the PC camera, or providing a fingerprint.
“I think overall, having a choice around opting in on home systems will save a lot of people security problems further down the line,” Kevin Beaumont, a former Microsoft cybersecurity analyst who criticized the original implementation of Recall, said in a Friday post on X. “It never should have been enabled by default.”
By Andrej Kovacevic
Updated on 7th June 2024