Windows 11 AI-Powered ‘Recall’ Feature Sparks Security Concerns, Researcher Reveals Data Exfiltration Risks

Earlier, we reported about Microsoft’s New AI-powered Recall feature for Windows 11 running on the Copilot+PCs, which takes continuous screenshots of your activities. However, there were some security concerns when the AI-infused upgrade was announced at the Build Conference. While Microsoft addressed the privacy reservations through encryption assurance, a security researcher has now pointed out some serious problems with the Windows AI feature and has called it nothing less than a security ‘disaster.’

Despite Microsoft’s claim of protecting privacy with their Recall feature, an expert recently tested the feature and called it a security disaster

Microsoft ensured an encrypted Recall experience, but cybersecurity expert Kevin Beaumont questioned this claim. When testing the feature, Beaumont found some concerning security flaws as the data is stored in plain text. He expressed his deep worry that this poorly executed feature would cause some serious damage to the brand image and customers.

According to the researcher, the user data is stored in plain text in the SQLite database, holding all the records of what has been viewed on the PC. Since the data is stored in the user folder, it can be accessed by potential hackers who can invade the PCs by using malware. He warned the users that with this feature, they should expect the cybercriminals to be more empowered and for some serious “AI-powered super breach” to occur.

While Microsoft claims the data cannot be accessed remotely by any hacker as it is stored locally on the device and is encrypted, Beaumont challenged this stance. He states that the database can be accessed even when you are not an admin and can be exfiltrated remotely through the AppData files. To ensure his statement was true, the researcher exfiltrated data on the pre-released feature and then developed a website to upload the database where he tested if you could search anything on the files.

Beaumont deliberately reserved the technical details of the automated infiltration process on Recall’s database. He said he is intentionally not sharing the information yet as he is waiting for Microsoft’s response on the situation. He suggests that it is best to pause the feature from being rolled out for now due to potential security issues this feature can raise.

Microsoft has yet to respond to the ongoing security and privacy concerns, but Recall is an optional experience that can be disabled if users do not feel comfortable using it. Meanwhile, the Copilot+PCs with the AI-based Recall feature is set to be launched on June 18th.