Windows 11's Recall feature is a hacker's dreamland. Here's a timeline of what went wrong

Don't get us wrong. The idea is good.


Key notes

  • Microsoft launched Recall a while ago, and it’s been a hot security mess since then.
  • The feature lets you search anything you've done by taking periodic snapshots, which Azure AI then runs OCR on.
  • But since then, security analysts have found loopholes that could be exploited by hackers.

Recall feature demonstration during Build 2024 conference

When Satya Nadella first launched the Recall feature for the Copilot+ certified hardware at the Build 2024 conference, it was met with great excitement. It’s a cornerstone of what the future of computing could be, but now, it seems like public opinion has somewhat shifted. Recall is trash, folks are saying.

But don’t get us wrong. The premise of this feature is outstanding. Recall gives your PC a photographic memory like never before, so you can search everything you’ve ever done on your desktop or even see a “timeline” of it, thanks to Azure AI running OCR on those snapshots. Even though it has somewhat demanding minimum hardware requirements, Recall still sounds promising.

Of course, that wouldn’t be possible without machine learning that takes snapshots of what you’re doing. Even though Microsoft says that the process runs locally, security analysts have discovered several loopholes that hackers could potentially exploit.

James Forshaw from Google’s Project Zero, via Wired, revealed methods to access Recall data without admin privileges, undermining its security. He identified two techniques to bypass access control lists (ACLs): one exploits an exception involving AIXHost.exe, and the other allows a hacker with user privileges to rewrite ACLs and gain full database access.

Before that, another finding by a security analyst revealed that the Recall data is not properly encrypted, despite Microsoft’s promise that it’s locked using BitLocker. According to the finding, the data is stored in a plaintext SQLite database that’s readable while the user is logged in to their computer.

Do other apps, such as popular browsers like Chrome or Firefox, store your data locally on your desktop? Sure they do. In fact, we store more valuable information than just some Recall snapshots. But, given the severity of it, it’s not unforeseen that Microsoft’s bosses are surprised by the public reaction.

Microsoft has to move fast, like it or not, and hope for the love of God that this Recall mess doesn’t escape the tech bubble. The idea is good, so good that folks have created carbon copies of it, like OpenRecall, which runs locally and is available even for macOS and Linux. And it would be a pity if they missed the chance to get folks’ trust back.