Microsoft Lifts Hood on Windows Recall's Security Guardrails

With Windows Recall's preview release imminent, Microsoft is sharing details about the feature's architecture to offset lingering security concerns.

Recall is a new feature for new Microsoft Copilot+ PCs. First announced in May at the Build conference, Recall uses AI to take snapshots of users' interactions with their Copilot+ PCs, creating a searchable record of their user history.

Microsoft originally planned to release a preview of Recall with the earliest wave of Copilot+ PCs, which went on sale in June. However, the feature was immediately beset by security and privacy concerns, prompting Microsoft to postpone the preview's release until October.

In the meantime, Microsoft took steps to buttress Recall against potential misuse. The feature is now opt-in-only, with added encryption layers, and requires Windows Hello for access.

On Friday, Microsoft took the additional step of detailing how it keeps Recall snapshots secure using virtualization-based security (VBS) enclaves. A VBS enclave acts like a safe that can only be unlocked by Windows Hello, explained David Weston, Microsoft's head of enterprise and OS security, in a blog post.

"VBS Enclaves use the same hypervisor as Azure to segment the computer's memory into a special protected area where information can be processed," Weston wrote. "Using Zero Trust principles, code in these enclaves can use cryptographic attestation protocols to safeguard that the environment is secure before performing sensitive operations, such as snapshot processing."

[Figure: Windows Recall's security architecture. Source: Microsoft]

Most of Recall's architecture as described by Weston is protected by a VBS enclave, with the exception of the UI. Though untrusted, Recall components that are not inside a VBS enclave "never directly receive access to snapshots or encryption keys and only receive data returned from the enclave after authorization."

Recall also includes privacy settings that users can accept, reject or adjust to their preferences. For instance, users can choose certain apps or Web sites to exclude from Recall, delete specific snapshots or groups of snapshots, stop ongoing snapshots from being saved, and set how long Recall retains snapshots. Recall doesn't save data from in-private browsing sessions. It also filters out certain data like credit card numbers and passwords by default.

"Recall does not share snapshots or associated data with Microsoft or third parties, nor is it shared between different Windows users on the same device," Weston said, though "some diagnostic data may be provided [to Microsoft] based on the user's privacy settings."

Microsoft assessed Recall's readiness in internal and third-party design reviews and penetration testing, he indicated. Microsoft also measured Recall against its Responsible AI Standard.

"Recall's secure design and implementation provides a robust set of controls against known threats," Weston said. "Microsoft is committed to making the power of AI available to everyone while retaining security and privacy against even the most sophisticated attacks."

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.
