Microsoft Windows AI Recall records user desktops every two seconds

Microsoft has announced that it is testing a new Windows 11 generative artificial intelligence experience, Recall. The feature records and takes screenshots of the user’s desktop every few seconds and was unveiled at the company’s Build 2024 Conference this month. Recall is part of Microsoft’s new Windows 11 Copilot+ PCs marketing push.

Predictably, privacy and cybersecurity advocates have already panned the Recall feature as invasive, and a “goldmine” for hackers.

Recall will be available in Microsoft’s new Windows 11 Copilot+ PCs product portfolio. Copilot+ PCs are designed to support compute-intensive artificial intelligence workflows.

They are optimized for AI and GenAI using specialized system-on-a-chip (SoC) architecture, or NPU or Neural Processing Unit. Microsoft and supporting partners, such as Dell, Acer, ASUS, HP, Lenovo, and Samsung, will offer the new product line.

Introducing Copilot+ PCs
Microsoft’s announcement of Copilot+ PC, powered by Windows 11 and Neural Processing Unit (NPU) chips. The Recall generative artificial intelligence will take screenshots of users’ desktops approximately every few seconds so users can search and refer back to activity using natural language processing. (Source: YouTube/Microsoft)

How Microsoft Recall works

The Recall AI feature records a user’s desktop every two seconds, and the user can then scroll and search through their activity.

Microsoft states that the value of Recall is to “help you easily find and remember things you’ve seen using natural language”, according to Microsoft, using AI and “photographic memory.”

If someone using Windows 11 with the Recall feature enabled with Copilot+ was browsing the internet for a red dress or blue suit, they could use Recall to search for “red dress” or “blue suit” several days later and see exactly where they saw the items online.

It can also search through documents, pictures, presentations, and files on the user’s computer or in the Microsoft OneDrive cloud storage.

Recall instantly with Recall on Copilot+ PC
A demonstration of Microsoft Recall, a generative artificial intelligence capability supported on Copilot+ PCs. Microsoft is marketing the privacy-invasive feature as “what it feels like to have photographic memory.” Personally identifiable information will not be obfuscated in screenshots stored locally on the computer. (Source: YouTube/Microsoft)

“A grab and go” opportunity for hackers

If you think this sounds like a privacy or cybersecurity nightmare, you’re right – and not alone.

“With this feature, suddenly endpoints will become a more lucrative target,” said Muhammad Yahya Patel, a cybersecurity engineer with Check Point.

“It is a one-shot attack for criminals, like a grab and go, but with Recall, they will essentially have everything in a single location.”

According to Microsoft, screenshots recorded by Recall will all be stored locally on users’ laptops and “not accessed by Microsoft or anyone who does not have device access.”

But, any personally identifiable information, medical records, or passwords visible on the users’ screens will be recorded and not obfuscated.

“Imagine the goldmine of information that will be stored on a machine, and what threat actors can do with it,” said Patel.

Microsoft confirmed that a hacker would need to “gain physical access to the device, unlock it, and sign in” before accessing recorded screenshots.

It’s unknown why physical access would be required unless it assumes Recall would enforce biometrics or a Yubikey for passkey authentication.

Privacy watchdog Information Commissioners Office, or ICO, of the United Kingdom has already contacted Microsoft for Recall.

“We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy,” the ICO states.

Microsoft has stated that Recall remains in testing and is accepting feedback.

The announcement of Recall in Copilot+ seems counterintuitive to the security directive Microsoft CEO Satya Nadella is demanding of his product teams.

After several extensive, embarrassing breaches by Russian and Chinese advanced persistent threat groups to Microsoft and its customers, Nadella directed the company to “prioritize security above all else.”


Discover more from Cybersecurity Careers Blog

Subscribe to get the latest posts sent to your email.