When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long.
Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.
Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. “It’s a Trojan 2.0 really, built in,” Hagenah says, adding that he built TotalRecall—which he’s releasing on GitHub—in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches.
The company unveiled Recall as part of a Surface laptop event last month. The tool continuously takes screenshots of whatever’s happening on your PC. Recall is intended to allow people to “retrieve” things you’ve done on your machine—whether it’s web pages you’ve visited or messages you’ve been sent—using natural language search queries. Microsoft’s description of the tool says Recall could be used to search for recipes you’ve looked at online but whose websites you’ve forgotten.
TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft’s new Copilot+ PCs aren’t out yet, it’s possible to use Recall by emulating a version of the devices. “It does everything automatically,” he says. The system can set a date range for extracting the data—for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah says.
Included in what the database captures are screenshots of whatever is on your desktop—a potential gold mine for criminal hackers or domestic abusers who may physically access their victim’s device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database.
Hagenah says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that’s captured by Recall.
Hagenah’s work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it. Beaumont also says he has built a website where a Recall database can be uploaded and instantly searched. He says he hasn’t released the site yet, to allow Microsoft time to potentially change the system. “InfoStealer trojans, which automatically steal usernames and passwords, are a major problem for well over a decade—now these can just be easily modified to support Recall,” Beaumont writes.
The criticisms come as hacks of Microsoft systems have led to various US government data breaches; Nadella has said security should be Microsoft’s “top priority.” Microsoft did not respond to WIRED’s request for comment about the security features of Recall by the time of publication.
Recall’s privacy pages say it is possible to disable saving screenshots (effectively turning Recall off), pause the system temporarily, filter applications where screenshots are taken, and delete what is gathered at any time. Recall runs on the laptop itself, storing data it captures on the device and not sending this information to Microsoft’s servers. Hagenah says this claim appears to be true, with no signs that data is sent to Microsoft.
Microsoft is, at least, aware of some of the possible privacy and security-related issues with Recall: Its help pages say the system does not perform any content moderation on what is contained in the images it saves. This means, Microsoft says in the guide, that it won’t “hide information such as passwords or financial account numbers.” Security researchers have already been able to extract passwords from Recall.
Recall’s main database is stored on the laptop’s system directory, and while it needs administrator rights to access, privilege escalation attacks have been around for years, making it theoretically possible for an attacker to gain initial access to a device remotely.
Hagenah says that in cases of employers with “bring your own devices” policies, there’s a risk of someone leaving with huge volumes of company data saved on their laptops. That’s a particular risk if they’re disgruntled or leave on bad terms, he says. The UK’s data protection regulator, the Information Commissioner’s Office, has asked Microsoft to provide more details about Recall and its privacy.
While Recall remains as a “preview” feature and, according to Microsoft’s small print, could change before it launches, Beaumont writes in his research that the company “should recall Recall and rework it to be the feature it deserves to be, delivered at a later date.” He adds: “They also need to review the internal decisionmaking that led to this situation, as this kind of thing should not happen.”
