Microsoft AI ‘Recall’ feature could have been gift to hackers, changes coming

Microsoft is hitting the reset button on its “Recall” feature in the wake of security concerns. The company announced changes to the Windows 11 feature on Friday, June 7.

Microsoft will release the feature in a slew of new computers on June 18. Recall takes screenshots of everything users do on their computer and uses artificial intelligence to create a database of snapshots.

Recall is designed to make it easy for users to look up their activity through an index search.

However, an ex-Microsoft employee and cybersecurity expert, Kevin Beaumont, discovered Recall stored an individual’s sensitive personal data in a database in plain sight. He said that the revelations made it clear that the feature would make stealing a person’s data much easier for cyber hackers.

Beaumont said that a cyber criminal could steal “everything you’ve ever typed or viewed” on your PC “with two lines of code.” After a week of testing, Beaumont called the feature a “disaster.”

Microsoft announced a host of changes to Recall. The feature will now be turned off by default with the option to turn it on during the computer’s setup. Before Microsoft made the changes, the Recall option was automatically enabled as the computer’s default setting.

Microsoft will also require individuals to authenticate their face, fingerprint or use a pin to access the feature. The same process will be required to decrypt a user’s search index database. Otherwise, the database remains encrypted.

The changes to the Recall feature came after Microsoft’s CEO called on employees to make security the company’s “top priority,” even if that means prioritizing it over new features, according to an internal memo.

Microsoft also stressed that the Recall feature will only be available on new CoPilot-Plus PCs. The PCs have advanced safeguards built into them, designed to protect against personal data theft.

“As we always do, we will continue to listen and learn from our customers, including consumers, developers and enterprises to evolve our experiences in ways that are meaningful to them,” the company said in a statement.