Microsoft Tweaking Security Measures For Controversial Recall Tool
Microsoft’s Recall tool – which captures and stores screenshots every five seconds of a user’s desktop activity – came under intense scrutiny earlier this year over privacy concerns.
Ethical hacker Alex Hagenah showcased a tool called TotalRecall, which shows how anyone with enough know-how and the right tools could extract the Recall snapshots saved on a Windows machine and access that data, unencrypted, on a target device.
In June, Microsoft said it would launch the Recall feature in Copilot+ PCs as an opt-in feature, giving customers the choice of whether or not they’d like to have that feature.
It then added that the initial Copilot+ PCs would begin selling without Recall activated. Instead, Microsoft released it as a preview within the Windows Insider Program (WIP).
Ahead of the major Windows 11 update launch in November, Microsoft has offered up more details about Recall’s security measures.
The company says Recall’s snapshots and related data will be protected by VBS Enclaves, which it describes as a “software-based trusted execution environment (TEE) inside a host application.”
Users must actively turn Recall on during Windows setup, and they can also remove the feature entirely.
Microsoft said that Windows Hello authentication will be required for every interaction with the feature, including changing its settings.
“Recall also protects against malware through rate-limiting and anti-hammering measures,” David Weston, Microsoft’s VP of OS and enterprise security, wrote in a blog post. “Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.”
Microsoft added that, by default, Recall won’t save private browsing data from supported browsers such as Edge, Chrome and Firefox. The feature will also have sensitive content filtering on by default to keep data such as passwords and credit card numbers from being stored.
The company says that a third-party security vendor, which it did not name, was engaged to perform an independent security design review and penetration test.
The Microsoft Offensive Research and Security Engineering team (MORSE) has also been testing the feature for months.
While Microsoft has said that Recall will be available on Copilot+ PCs, it has yet to confirm a date for its general release on all compatible devices.