
Windows Recall Security

by Benjamin Svensson 2024-11-20

Windows Recall is a feature that was met with a lot of scepticism in the community and was recalled (pun intended) by Microsoft to address several privacy and security issues raised by a lot of people. Basically, Recall periodically captures snapshots of what is on your screen, stores them in a local database and then uses AI to find that website you browsed last week, or your Facebook password. The feature is being launched as part of the Copilot+ PCs, initially available for Snapdragon-powered PCs, and will eventually be available on AMD and Intel machines as well.

When first revealed, Recall had several weaknesses and risks which made the community scream out loud. Issues such as: the snapshots (snapshots are what Microsoft calls the data Recall saves in its database) being stored unencrypted; the feature not being uninstallable; prompt injection risks; and huge privacy concerns. There was even an offensive tool released quickly after the first Recall release.

Now, Microsoft is releasing this feature once again, and has addressed the public's concerns. But what are the actual improvements and are there any new considerations to make before enabling this feature? This is what Microsoft says about the previous security concerns, in the release:

Recall is an entirely new way to instantly find something you've previously seen on your PC. Based on your feedback, we have worked to make Recall even more secure by default, ensuring that you feel confident that your data is safe and secure. Additionally, Recall will be off by default for all commercial devices. You will need to allow Recall via policy before users will be able to opt-in. Once enabled, devices will use Windows Hello to confirm a person's identity (and presence) and then securely unlock the Recall experience. For more details, see the recent Update on Recall security and privacy architecture. We will share more about controls for Recall and other Copilot+ PC news at Microsoft Ignite. ~ Microsoft

What security features are new in Microsoft Recall?

Microsoft describes four principles that can be summarized as:

  1. Users have to opt in; it is not enabled by default (for commercial licenses)
  2. "Sensitive data" is encrypted
  3. Recall services are isolated
  4. Uses Windows Hello Enhanced Sign-in Security

Microsoft does not force their commercial users to use Recall, great! But I haven't found any documentation specifically for non-commercial licenses, which concerns me. Either the opt-in is for all licenses, or privacy is only a right for commercial customers. We will see where this goes.

One great addition is the encryption feature. The snapshots are now stored encrypted, the encryption keys are protected by the Trusted Platform Module (TPM), and the services that perform operations on the snapshots run inside VBS enclaves. A VBS enclave is a trusted execution environment (TEE) built on Virtualization-based Security: the hypervisor isolates the enclave's memory so that neither the normal Windows kernel nor administrators can read it. To use Recall, Windows Hello Enhanced Sign-in Security must be enabled and a biometric credential enrolled; once enrolled, the user can use a PIN as a fallback. One other reaction I had is that Microsoft says "sensitive data is encrypted", making me think that there could be data which Microsoft considers not sensitive and which is thus not encrypted.

They also addressed several privacy concerns. Private browsing is not saved (for supported browsers, i.e. the popular ones). Apps and websites can be filtered by the user, users can configure data retention, and Recall should detect passwords, IDs and credit card numbers and not store those in the snapshots.
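Since the commercial rollout hinges on an administrator allowing Recall via policy, and the per-user filters and retention settings sit on top of that, the following PowerShell script shows what a policy audit looks like in practice. It is an added example, not code from the original post or from Microsoft. It assumes the WindowsAI policy registry path and the value name DisableAIDataAnalysis ("Turn off saving snapshots for use with Recall") as documented by Microsoft at the time of writing, treats the value name AllowRecallEnablement and the optional feature name "Recall" as assumptions to verify against your own ADMX and image, and must be run in an elevated session.

```powershell
# Added example (not from the original post): audit and, optionally, enforce the
# Recall policy state on a Windows 11 device.
# Assumptions: the policy key and the value name DisableAIDataAnalysis match the
# WindowsAI ADMX at the time of writing; AllowRecallEnablement and the optional
# feature name 'Recall' are assumed names, verify them before relying on this.
[CmdletBinding()]
param(
    [switch]$Enforce   # with -Enforce the policy is written; otherwise report only
)

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'

# Policy values this script knows about. DisableAIDataAnalysis = 1 means snapshots
# are never saved, regardless of what the user selects in Settings.
$KnownValues = @(
    @{ Name = 'DisableAIDataAnalysis'; Meaning = '1 = snapshot saving turned off by policy' },
    @{ Name = 'AllowRecallEnablement'; Meaning = '1 = users may opt in (assumed value name)' }
)

function Get-RecallPolicyState {
    $state = [ordered]@{}
    foreach ($v in $KnownValues) {
        $val = (Get-ItemProperty -Path $PolicyKey -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
        $state[$v.Name] = if ($null -eq $val) { 'not configured' } else { $val }
    }
    # Is the Recall optional component present on this image at all?
    # (Feature name 'Recall' is an assumption; requires elevation.)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction SilentlyContinue
    $state['RecallFeature'] = if ($feature) { $feature.State } else { 'not present' }
    return [pscustomobject]$state
}

function Set-RecallDisabled {
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # DWORD 1 = "Turn off saving snapshots for use with Recall" enabled.
    New-ItemProperty -Path $PolicyKey -Name 'DisableAIDataAnalysis' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

Write-Host 'Recall policy state before:'
Get-RecallPolicyState | Format-List

if ($Enforce) {
    Set-RecallDisabled
    Write-Host 'Recall policy state after:'
    Get-RecallPolicyState | Format-List
}
```

Run it without switches to get a read-only report; run it with -Enforce on a machine where Recall should never save snapshots. The report-first design is deliberate: on a fleet you want to know which devices have the optional component installed and which already carry a policy before you push a change through Group Policy or Intune.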

For what it's worth, it seems like a good and solid design. The security architecture implements a multitude of security features to protect the data and several features to allow the user to be in control. In my opinion Microsoft did what they can to address the concerns the community had, and they delivered.

I believe we will see this being attacked by security researchers and threat actors alike in many creative ways. Even though Microsoft has done good work safeguarding this feature, I'm sure that vulnerabilities will be found, as for all software. But that is not the biggest risk in my opinion. Threat actors don't usually go for zero-days or cool exploits during post-exploitation (which is where I think Recall could mostly be abused). Threat actors abuse features in the ways they were meant to work.

A few attacks that I could think of would be:

  • Malware on the host triggers a Windows Hello prompt; the user authenticates and thereby unlocks the Recall store for the malware's session.
  • The attacker guesses, or obtains by other means, the fallback PIN and unlocks Recall without needing the biometric.
  • The attacker embeds malicious content (for example a prompt injection) in a page or document so that it ends up in a snapshot.

Another good note to end with is that AI is a security risk in itself and should be integrated with great care. You need a structured plan and a clear policy not only for the risks introduced by using AI in the organization, but also for the integration of other tools that use AI.

This blog post was NOT brought to you by AI
