Microsoft strengthens the security of its AI feature 'Recall'

Microsoft has announced significant improvements to its AI feature 'Recall' following criticism that the tool was an attractive target for hackers. In an interview, David Weston, Vice President for Enterprise and Operating System Security, stated that the company has taken the criticism seriously and developed multiple security layers for Recall to be protected against even the most sophisticated hackers in the world. In the soon-to-be-released version, users can filter out specific apps or websites. The protection of sensitive content, which searches for information such as social security numbers or credit card numbers, will be activated by default. Private browsing in supported applications will not be saved, Weston added. Biometric authentication, such as facial recognition or fingerprint, is required to activate and use Recall. The data captured by Recall are stored in an isolated environment, and only requested information leaves this secure space. Microsoft describes Recall as 'a searchable timeline of your PC's past,' allowing for easier browsing and sorting of the computer history. The technology periodically takes screenshots of the computer screen, which are saved and analyzed. Shortly after Recall's announcement in May, security researchers warned that malicious actors could access data stored locally on the user’s PC. This criticism came at a time when Microsoft was already under pressure due to several notable hacks. In June, Microsoft stated that Recall would be shipped in the 'off' position on the AI-branded PC line. This setting remains, with users having to actively choose to use Recall. In the new version, sensitive data will be encrypted with keys and stored isolated on the user device, ensuring that even in the event of malware infection or theft, unauthorized access is not possible. Biometric matching is required to decrypt the data, Weston explained. Recall will also automatically deactivate after 15 minutes of inactivity, adjustable to user preference. 'We want users to have it available when needed, but it should not run unnecessarily in the background,' Weston said. The revised version will be available next month as a beta version for consumers. Recall only works on Copilot+-PCs, a new class of Windows 11 devices. However, the updated version will not be automatically installed on business PCs but can be downloaded by companies.