Don’t forget about Recall, because Recall won’t forget about you

The new AI function in Microsoft Windows has already been dubbed a “security nightmare” on the internet. What risks does it carry, and how to stay safe?

Why the AI-powered search tool Recall in Windows 11 is dangerous, and how to disable it

In May 2024, Microsoft introduced a new feature for Windows 11 called Recall, which “remembers” everything you’ve done on your computer over the last few months. Let’s say you want to Recall something you did on your computer recently. You enter into the search bar something like “photo of red car sent to me”, or “Korean restaurant I was recommended” — and receive answers in the form of links to apps, websites, or documents, paired with a thumbnail image of the screen captured the moment you were looking at the requested item!

Recall remembers everything you did on your computer in the last few months. Perhaps even things you'd rather forget.


What Recall does is take a screenshot every few seconds, which it saves in a folder on your computer. Then it analyzes all the images using AI in the background, extracts all the information from them, and places it into a database to be used for an AI-powered smart search.

Although all operations take place locally on the user’s machine, Recall sparked alarm among cybersecurity pros as soon as it was unveiled due to the many potential risks. The initial implementation of Recall was pretty much unencrypted, and available to any user of the computer. Under pressure from the infosec community, Microsoft announced improvements to the feature even before the public release, which was postponed from June 18 until around the end of fall 2024. Yet, even with the promised tweaks, Recall remains controversial.

The dangers of Recall

All key data can be stolen in one fell swoop. The primary risk of Recall is that all sensitive data — from medical diagnoses and password-protected conversations to bank statements and private photos — ends up stored in one place on the computer. If a threat actor gains access to your computer or infects the machine with malware, all they need do is copy the contents of a single folder, and all your secrets are spilled. While tons of screenshots are a little trickier to steal due to their large size, the text part with recognized information could be snatched in a matter of seconds.

Worse still, if an attacker manages to stealthily download the screenshots, they’d be able to reconstruct everything you’ve done on your computer over the last few months — almost second by second. Recall can save up to three months of history unless it runs out of space (by default — 10% of drive capacity, but no more than 150GB).

While in the past infostealers would primarily target login credentials, crypto wallet data, and browser cookies, this list will soon be headed by Recall databases. Concerned infosec experts have wasted no time in creating a demo utility to show just how easy it is to extract data — even remotely.

Questionable data encryption. In the initial version of Recall, screenshots and databases with recognized texts were stored in open form. This prompted cybersecurity experts to demonstrate how to bypass OS restrictions and gain access to Recall databases and screenshots of any user on the computer. To address this issue, Microsoft promises additional encryption of the databases themselves with on-the-fly decryption. However, no one has seen the implementation of this feature yet, and there’s a good chance that decryption on a local computer will pose no difficulty. As with BitLocker full-disk encryption, this encryption can protect against evil-maid attacks, but it does nothing to help those who might leave their computer unlocked or put it to sleep, or who get infected with an infostealer.

Poorly policed confidential data. Microsoft states that the Recall database will store passwords, financial data, and other sensitive data that gets displayed on-screen. Unless the user has “paused” Recall, only private windows (in Edge, Chrome, Opera or Firefox) and DRM-protected data (for example, Netflix movies) are excluded from the database. Backup recovery codes for online accounts? Disappearing chat messages? An email you thought it best to delete? All this will remain in the Recall database, and you won’t be able to surgically remove individual data fragments — you’d have to clear all information over a long period. Otherwise, anyone who sits down at your unlocked computer would be able to spy on your confidential data — the kind that banks, clinics, and online services hide behind passwords and two-factor authentication. To mitigate this issue, Microsoft has issued assurances that access to the Recall application on a local computer will require additional user authentication.

Backup access recovery codes will also end up in the Recall database, wrecking the entire multi-factor authentication security model


Risks at work and at home. Detailed, easily searchable information about computer activity dating back months could cause problems for those who have an overly demanding boss, nosey housemate, or jealous other half. The temptation will be there to use Recall to track work performance, marital fidelity, and much more.

Default mode. Initially, Recall was supposed to be enabled by default, but under public pressure Microsoft said this would not be the case. Now, when installing Windows yourself you’re prompted to enable Recall, which is now disabled by default. However, those whose computer came with Windows 11 already configured (for example, at work) would have to check the presence and operating mode of Recall themselves.

Where to look for Recall

Currently, Microsoft claims that Recall will only be available on Copilot+ computers equipped with both a special Neural Processing Unit (NPU) and Windows 11. In practice, experts have successfully run Recall on other computers. Machines with ARM processors are best suited for this, but the feature can also be activated (albeit with some difficulties) on computers with x86 architecture — and even on virtual machines in Azure. What’s clear is that Recall requires no unique hardware to work, which means that in due course the feature will become available for all Windows computers with enough power. Given Microsoft’s practice in recent years of “offering” features by automatically activating them on users’ computers, you might get an unwanted AI assistant without even realizing it.

How to check for Recall

Recall can’t be installed on Windows 10 machines or earlier. On Windows 11, you can check for the feature by typing Recall in the Start menu search bar. If an application with this name appears in the search results, it’s installed and needs to be configured or disabled.
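
For pre-configured machines (for example, at work), the same check can be scripted. This is an added example, not part of the original article; the optional-feature name "Recall" and the policy value "DisableAIDataAnalysis" come from Microsoft's documentation for later Windows 11 builds and are assumptions here, since either may be absent on a given build.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether Recall is present and whether policy blocks snapshots.
# Assumed names (not from the article): optional feature 'Recall',
# policy value 'DisableAIDataAnalysis' under ...\Policies\Microsoft\Windows\WindowsAI.

function Get-RecallFeatureState {
    # Returns Enabled, Disabled, DisabledWithPayloadRemoved, or NotPresent.
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
        if ($null -eq $feature) { return 'NotPresent' }
        return [string]$feature.State
    } catch {
        # The feature name is unknown on this build (or the query failed).
        return 'NotPresent'
    }
}

function Get-RecallPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('HKLM:', 'HKCU:')]
        [string]$Hive   # machine-wide or current-user policy
    )
    $path = "${Hive}\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"
    $item = Get-ItemProperty -Path $path -Name 'DisableAIDataAnalysis' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }          # user setting decides
    if ($item.DisableAIDataAnalysis -eq 1) { return 'SnapshotsDisabled' }
    return 'SnapshotsAllowed'
}

$report = [pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    FeatureState  = Get-RecallFeatureState
    MachinePolicy = Get-RecallPolicy -Hive 'HKLM:'
    UserPolicy    = Get-RecallPolicy -Hive 'HKCU:'
}
$report | Format-List

# Flag the case the article warns about: Recall present and nothing forcing it off.
if ($report.FeatureState -eq 'Enabled' -and
    $report.MachinePolicy -ne 'SnapshotsDisabled' -and
    $report.UserPolicy -ne 'SnapshotsDisabled') {
    Write-Warning 'Recall is installed and no policy disables snapshots; review Settings.'
}
```

A result of NotConfigured means no policy is set, so the per-user Save snapshots toggle in Settings determines whether Recall is recording.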

How to mitigate the risks posed by Recall

Some categories of users are advised to disable Recall entirely. This includes those who:

  • often store sensitive information on their computer
  • are legally obligated to strictly protect work data
  • share a computer with others
  • experience aggressive monitoring at work or home
  • have no need for AI searches

Fortunately, this isn’t hard to do. Open Settings, go to Privacy & Security -> Recall & snapshots, and disable Save snapshots. Then click Delete All to wipe previously taken snapshots.

Fortunately, Recall is easy to disable or customize.


If you don’t want to disable Recall completely, you need to at least configure it properly. The first step is to specify lists of applications and websites for which this function shouldn’t work. We recommend adding the following to Recall’s exceptions:

  • all sites where you view important personal information: banks, government services, insurance and medical organizations
  • password manager sites and applications
  • sites and applications with confidential work information
  • sites and applications related to cryptocurrencies, if you use any
  • messenger apps used for confidential conversations — no matter how infrequently

If you decide to leave Recall enabled, be sure to configure the exclusion list.

Make sure your computer has full protection against cyberthreats, because a specialized infostealer that infects a Recall-enabled computer would be able to steal the whole history of your activity going back months prior to the infection. We can also anticipate the emergence of viruses that discreetly enable Recall for users and use it for smart recognition of all texts on your screen. After all, attackers managed to harness the Windows native encryption tool, BitLocker, using it for full-disk encryption of all information on the computer, followed by a ransom demand for decryption. We recommend Kaspersky Premium for maximum protection against malware.

In addition:

  • Enable BitLocker full-disk encryption
  • Protect your account with a strong password and biometric access
  • Configure the screen lock and use it when you step away from your computer
  • Create separate accounts for other users of the same computer, if any, or use a guest account
  • Subscribe to our blog and/or Telegram channel to be the first to know about new threats