Microsoft Recall's security woes have come back to the fore after a test caught the AI screenshotting tool capturing sensitive data (again). Ahead of its public beta release in April, Microsoft made a slew of security updates to Recall, including adding a filter that's supposed to block Recall from recording passwords, credit card info, social security numbers, and similar sensitive data. It looks like more fine-tuning is still needed.
The Register's Avram Piltch conducted an in-depth security test on Recall that revealed the AI doesn't always filter out sensitive data. The filter was usually successful when keywords like "password" or "pay" were on screen, but whenever they weren't, Recall often misfired and took a screenshot. For instance, it screenshotted a text document with a list of usernames and passwords that weren't labeled.
It makes sense that Microsoft's AI might rely on searching for visual hints like the word "password" to recognize when sensitive info is on screen. However, that's clearly a hit-or-miss strategy. If those keywords aren't displayed the way the AI expects or they're completely missing, there's a decent chance the filter won't work. That means you really never know if Recall is going to correctly filter out your sensitive data or not.
As Piltch pointed out, "There are so many ways that people store and refer to personal data that it's impossible to imagine Recall or any software catching them all."
Passwords and credit card numbers aren't the only sensitive info at risk with Recall, either. Piltch's test also caught the AI screenshotting a bank account page that showed balance and transaction info. Even without the corresponding account login info, that data could still be useful to a hacker.
That brings up the next issue Piltch's test unearthed: it's possible to remotely access Recall screenshots. You can only activate Recall after setting up Windows Hello Enhanced Sign-On, which is supposed to require a fingerprint or facial ID. Piltch was also able to sign into Windows Hello with just a PIN, though, then use that PIN to remotely access all of the Recall screenshots on his Copilot+ PC.
For those who have been following along with the Recall rollercoaster, none of this will come as a surprise. The feature has faced wave after wave of criticism for the security and privacy issues it raises and no amount of security updates seem to be able to fix that. Despite still being a WIP "preview feature," Copilot is clearly a major initiative from the AI-obsessed Microsoft, and as Piltch points out, Recall is already being advertised during the setup process in Windows 11. For right now, it looks like your safest and smartest move is still to keep Recall completely turned off.
