Home > Latest News > Microsoft Tweaking Security Measures For Controversial Recall Tool

Microsoft Tweaking Security Measures For Controversial Recall Tool

Microsoft Recall

Microsoft’s Recall tool – which captures and stores screenshots every five seconds of a user’s desktop activity – came under intense scrutiny earlier this year over privacy concerns.

Ethical hacker Alex Hagenah showcased a tool called TotalRecall, that shows how anyone with enough know-how and the right tools could steal the recalls saved on a Windows machine and access that data, encryption-free, on a target device.

In June, Microsoft said it would launch the Recall feature in Copilot+ PCs as an opt-in feature, giving customers the choice of whether or not they’d like to have that feature.

It then added that the initial Copilot+ PCs would begin selling without Recall activated on it. Instead, Microsoft released it as a preview within the Windows Insider Program (WIP).

Ahead of the major Windows 11 update launch in November, Microsoft has offered up more details about Recall’s security measures.

Microsoft Recall

The company says Recall’s snapshots and related data will be protected by VBS Enclaves, which it describes as a “software-based trusted execution environment (TEE) inside a host application.”

Users must actively turn Recall on during Windows setup, and they can also remove the feature entirely.

Microsoft said that it will be using Windows Hello to interact with every aspect of the feature, including changing settings.

“Recall also protects against malware through rate-limiting and anti-hammering measures,” David Weston, Microsoft’s VP of OS and enterprise security, wrote in a blog post. “Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.”

Microsoft added that, by default, Recall won’t save private browsing data across supported browsers like Edge, Chrome and Firefox. Additionally, the feature will also have sensitive content filtering on by default to keep things like passwords and credit card numbers from being stored.

The company says that a third-party security vendor, which it did not name, was engaged to perform an independent security design review and penetration test.

The Microsoft Offensive Research and Security Engineering team (MORSE) has also been testing the feature for months.

While Microsoft has said that Recall will be available on Copilot+ PCs, it is yet to confirm a date when it will be rolled out as a general release for all compatible devices.



You may also like
Copilot+ PC Upgrade Deals With Fears Over Recall Feature
Rollout Of Controversial Windows Recall Feature Delayed
All New Lenovo PCs To Have AI Capabilities By 2027
Microsoft’s New AI Tool Faces Intense Security and Privacy Backlash
Serious Concerns Over Intel & AMD Copilot Plus PCs

Popular Posts

Amazon Releases Three New AI-Enabled Fire HD 8 Tablets
Latest News
/
/
Apple Watch Series 10
Apple Pulls Buggy WatchOS 11.1 Beta 3 Update
Latest News
/
/
New Moto Buds Launched In Australia
Latest News
/
/
SmartThings Feature Unveiled At Samsung Dev Conference
Latest News
/
/
Just An ‘Accounting Issue’ Claims Harry” Chatlani After Being Sued By Kogan
Latest News
/
/

Digital Magazines

Recent Post

Amazon Releases Three New AI-Enabled Fire HD 8 Tablets
Latest News
/
//
Comments are Off
Amazon has unveiled three new Fire HD 8 tablets: the Fire HD 8 (2024), Fire HD 8 Kids, and Fire...
Read More