Microsoft first introduced its controversial AI-powered Recall feature as an exclusive and key selling point for its new range of Copilot+ PCs in 2024. With an on-board NPU, Recall essentially takes screenshots of everything you do and stores all of that data in an indexable database that can then be queried with natural language, acting as a powerful search tool that taps into your Windows usage history.

Naturally, this brought up a whole range of security and privacy concerns, especially when it was discovered that the initial version of Recall was taking snapshots and screenshots of sensitive information like passwords, credit card numbers, and banking information. Microsoft then delayed the launch of Recall and retooled it for security and privacy before launching it as an opt-in experience in late 2024.
One of the new features introduced with Microsoft's updated Recall was a "Filter sensitive information" setting enabled by default, which is designed to block sensitive information such as credit card numbers and passwords from being captured and recorded. A new investigation by The Register has discovered that even this is flawed, with Recall still capturing sensitive data.
Even worse, Recall screenshots are available to anyone with your Windows security PIN and are also accessible via remote access. The Register ran several tests on a Lenovo Yoga Slim 7x Copilot+ PC with Recall enabled to work out exactly how its "Filter sensitive information" setting works.

As it turns out, it's based on pattern and text recognition, so if a store page has the word "checkout," credit card numbers and other data fields aren't captured; they appear blank in the Recall screenshot. However, once keywords like "checkout" and "payment" are removed, credit card numbers and other sensitive data are captured and stored by Recall.
"Maybe it's unfair to expect the software to identify a credit card number without words like 'credit card' or 'pay' near it," The Register's Avram Piltch says. "But not all shopping forms look the same."
It seems that Recall's process of filtering sensitive data is flawed. For example, a complete photograph of a passport won't be captured; however, if another open window partially covers it, it will. In a document containing the text "My SS:" followed by a Social Security number, Recall correctly filtered out the number, but once "My SS:" was removed, Recall captured the full number. It's the same with opening up and viewing stored passwords. Unless the word "password" is right there, Recall will capture the data, not knowing the full context.
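
The behaviour seen in these tests can be modelled in a few lines. This is an added example, not code from Microsoft, Recall or The Register: the trigger-word list, function names and sample strings are constructed assumptions. It contrasts a filter that redacts only when a trigger word is on screen with one that validates the content itself (SSN pattern, Luhn checksum for card numbers).

```python
import re

# Assumed trigger words: the first four appear on the page, "credit card" is an added guess.
CONTEXT_WORDS = ("checkout", "payment", "password", "my ss:", "credit card")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    """Content-based: mask SSN-shaped strings and Luhn-valid card numbers."""
    text = SSN_RE.sub("[SSN]", text)
    def mask_card(m):
        digits = re.sub(r"\D", "", m.group())
        return "[CARD]" if luhn_ok(digits) else m.group()
    return CARD_RE.sub(mask_card, text)

def keyword_gated(text):
    """Model of the observed behaviour: filter only when a trigger word is visible."""
    if any(w in text.lower() for w in CONTEXT_WORDS):
        return redact(text)
    return text

# Constructed sample screens (public test card number and placeholder SSN, not real data).
SCREENS = [
    "Checkout: card 4111 1111 1111 1111",
    "Order form: 4111 1111 1111 1111",
    "My SS: 123-45-6789",
    "Note to self 123-45-6789",
    "Tracking no. 1234 5678 9012 3456",  # 16 digits but fails Luhn, so not a card
]

if __name__ == "__main__":
    for s in SCREENS:
        print(f"{s!r}\n  keyword-gated: {keyword_gated(s)!r}\n  content-based: {redact(s)!r}")
```

Content validation covers structured values only; a stored password has no checksum or fixed shape, so it still needs context or exclusion of the app or page that displays it.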
Although Recall is still listed as being in "preview" by Microsoft, with the company also noting that it will "continue to improve this functionality" in reference to filtering sensitive data, The Register concludes that by pushing users to install Recall during the setup process for all new Copilot+ PCs, Microsoft is "creating a potential treasure trove for thieves" that target vulnerable users.





