Microsoft Recall Reportedly Still Captures Credit Cards & Passwords
Don't expect security from this feature for now.
Microsoft
When Microsoft Recall for Windows 11 was presented, most people were alarmed by this feature that takes screenshots of everything you do so you can "retrace your steps." No wonder: it sounds like a huge security catastrophe waiting to happen, although Microsoft reassured its users that the screenshots are stored locally, and no one outside the system can access them.
Since then, the company has worked on Recall's security diligently, but there are still issues, according to The Register's findings. Its editor, Avram Piltch, conducted some tests and found that the app can capture credit cards and passwords, despite Microsoft adding a filter that was supposed to block it from recording sensitive information.
The result of the investigation is as follows: the filter works if there are words like "credit card" or "pay" on the screen but fails when there is no indication that the information is sensitive.
"Maybe it's unfair to expect the software to identify a credit card number without words like 'credit card' or 'pay' near it, but not all shopping forms look the same."
Same with passwords: Recall didn't screenshot Google Chrome's password manager screen but couldn't resist just a list of usernames and passwords in a text file. "Perhaps we shouldn't expect Recall to know that a text file is full of passwords – and, no, you shouldn't keep your passwords in a text file – but many people probably have lists of their passwords without the word 'password' printed next to them."
The Register
"In another instance, I had a photo of my passport visible on the screen and Recall correctly avoided it. However, when that photo was partially covered by another window, Recall took the screenshot."
Another issue is that you can access all these screenshots remotely: they are available to anyone who has your PIN number, via TeamViewer, for example.
Microsoft declined to comment when Piltch contacted it. The editor gives Recall the benefit of the doubt, saying that the company is open about still improving its functionality and security, but the results of this test are a little disconcerting, which, though, wouldn't be a surprise at all for Microsoft haters.
Perhaps it will figure something out in the future, but for now, be at least aware of Recall's flaws.
Join our 80 Level Talent platform and our Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.
