Microsoft will switch off recall after security backlash
What Have We Learned about Microsoft and How Do We Continue to Provide a Better Experience for Our Customers? A Response to Davuluri on Recall Security
“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” says Davuluri “We will continue to build these new capabilities and experiences for our customers by prioritizing privacy, safety and security first. We are thankful for the feedback of customers who continue to communicate with us.
Microsoft made a number of dramatic changes to its recall feature on Friday which will include allowing it to be used as an opt-in feature in Copilot+ compatible versions of Windows where it had previously been turned on by default, and new security measures designed to better keep data and ciphers.
Davuluri references Microsoft’s SFI principles in today’s response, noting that the company is taking action to improve Recall security. But it appears to be largely down to security researchers flagging these issues rather than Microsoft’s own security principles because surely these issues should have been flagged internally far before this launch.
It has been called on employees to make security Microsoft’s top priority if that means being more focused on new features. In an internal memo, he says that if you are faced with a tradeoff between security and another priority, you have to do security. In certain cases, this will mean sacrificing other things, such as releasing new features or giving ongoing support for legacy systems, in favor of security.
Using Windows Hello to Enable Recall: A Comment on Aitel’s “Sacrificial Threats” to the PC and “Compromises with the Security of My Computer”
Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.
The Recall database is extracts by TotalRecall so that you can easily view what text is in there and the screenshots that have been generated. NetExec appears to be getting its own Recall module soon that can access Recall folders and dump them so you can view the screenshots easily. There is currently no full protection on the recall database, so all these tools are possible.
“It makes your security very fragile,” as Dave Aitel, a former NSA hacker and founder of security firm Immunity, described it—more charitably than some others—to WIRED earlier this week. “Anyone who penetrates your computer for even a second can get your whole history. Which is not something people want to do.