
Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch


This article was originally published on Ars Technica - Tech. You can read the original article HERE

Image: An updated onboarding screen for Recall, with clearly visible buttons for opting in or out; Microsoft says Recall will be opt-in by default and can even be removed from PCs entirely. (Credit: Microsoft)

Microsoft is having another whack at its controversial Recall feature for Copilot+ Windows PCs, after the original version crashed and burned amid scrutiny from security researchers and testers over the summer. The former version of Recall recorded screenshots and OCR text of all user activity, and stored it unencrypted on disk where it could easily be accessed by another user on the PC or an attacker with remote access.

The feature was announced in late May, without having gone through any of the public Windows Insider testing that most new Windows features get, and was scheduled to ship on new PCs by June 18; by June 13, the company had delayed it indefinitely to rearchitect it and said that it would be tested through the normal channels before it was rolled out to the public.

Today, Microsoft shared more extensive details on exactly how the security of Recall has been re-architected in a post by Microsoft VP of Enterprise and OS Security David Weston.

More secure, also optional

Image: An abstraction of Recall's new security architecture, which replaces the old, largely nonexistent security architecture. (Credit: Microsoft)

The broad strokes of today's announcement are similar to the changes Microsoft originally announced for Recall over the summer: that the feature would be opt-in and off-by-default instead of opt-out, that users would need to re-authenticate with Windows Hello before accessing any Recall data, and that locally stored Recall data will be protected with additional encryption.

However, some details show how Microsoft is attempting to placate skeptical users. For instance, Recall can now be removed entirely from a system using the "optional features" settings in Windows (when a similar removal mechanism showed up in a Windows preview earlier this month, Microsoft claimed it was a "bug," but apparently not).

The company is also sharing more about how Windows will protect data locally. All Recall data stored locally, including "snapshots and any associated information in the vector database," will be encrypted at rest with keys stored in your system's TPM; according to the blog post, Recall will only function when BitLocker or Device Encryption is fully enabled. Recall will also require Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) to be enabled; these are features that people sometimes turn off to improve game performance, but Recall will reportedly refuse to work unless they're turned on.

This is because the new Recall operates inside of a VBS enclave, which helps to isolate and secure data in memory from the rest of the system.

"This area acts like a locked box that can only be accessed after permission is granted by the user through Windows Hello," writes Weston. "VBS enclaves offer an isolation boundary from both kernel and administrative users."

Windows doesn't allow any code to run within these enclaves that hasn't been signed by Microsoft, which should lower the risk of exposing Recall data to malware or other rogue applications. Other malware protections new to this version of Recall include "rate-limiting and anti-hammering measures."
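For administrators who want to see whether a given machine meets the security prerequisites described above (a ready TPM, BitLocker or Device Encryption, VBS, and HVCI), the following PowerShell check is an added example and not code from Microsoft or the original article. The function name, the output shape, and the reading of "fully enabled" as "protection on and volume fully encrypted" are assumptions made here; it must be run from an elevated session on an edition where the BitLocker and TPM cmdlets are available.

```powershell
# Added example: checks the platform protections the article says Recall requires.
# Test-RecallSecurityPrerequisites is a hypothetical helper name, not a Windows cmdlet.
function Test-RecallSecurityPrerequisites {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    # Win32_DeviceGuard reports VBS state: VirtualizationBasedSecurityStatus
    # is 0 (off), 1 (enabled, not running) or 2 (running). SecurityServicesRunning
    # lists active services; the value 2 means HVCI is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    $vbsRunning  = $dg.VirtualizationBasedSecurityStatus -eq 2
    $hvciRunning = $dg.SecurityServicesRunning -contains 2

    # The TPM has to be present and ready before keys can be sealed to it.
    $tpm      = Get-Tpm
    $tpmReady = $tpm.TpmPresent -and $tpm.TpmReady

    # Assumption: "fully enabled" means protection is on AND encryption has
    # finished, so a suspended or still-encrypting volume counts as a failure.
    $vol       = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $encrypted = ($vol.ProtectionStatus -eq 'On') -and
                 ($vol.VolumeStatus -eq 'FullyEncrypted')

    $checks = [ordered]@{
        'TPM present and ready'         = [bool]$tpmReady
        'OS volume encrypted/protected' = [bool]$encrypted
        'VBS running'                   = [bool]$vbsRunning
        'HVCI running'                  = [bool]$hvciRunning
    }
    $failed = @($checks.GetEnumerator() |
                Where-Object { -not $_.Value } |
                ForEach-Object { $_.Key })

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Checks   = $checks
        Failed   = $failed
        Ready    = ($failed.Count -eq 0)
    }
}

$result = Test-RecallSecurityPrerequisites
$result.Checks.GetEnumerator() | Format-Table Key, Value -AutoSize
if (-not $result.Ready) {
    Write-Warning ("Prerequisites not met: " + ($result.Failed -join ', '))
}
```

A machine where VBS reports status 1 (enabled but not running) or where BitLocker protection is suspended shows up in `Failed`, which is the state that game-performance tweaks or a pending firmware update typically leave behind.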

Image: A diagram of the authentication and encryption features that have been added to Recall since the original preview. (Credit: Microsoft)

Every time a user pulls up Recall to look through their snapshots, they'll need to use Windows Hello to re-authenticate, and when they set it up, they will need to use biometric authentication like a face-scanning camera or fingerprint reader first. Unlocking Recall with a Windows Hello PIN can only be configured after Recall has already been turned on, and it's intended as "a fallback method" meant to "avoid data loss if a secure sensor is damaged."

Windows Hello only "briefly" decrypts Recall information when users are actually accessing it, and users will need to re-authorize periodically after a timeout period or in between Recall sessions. The encryption keys used to decrypt Recall data "are cryptographically bound to the identity of the end user, sealed by a key derived from the TPM of the hardware platform," which should close the original Recall's most gaping hole: the ability of another user on a PC to easily navigate to a folder in Windows Explorer and see everything stored by Recall.

Weston also pointed out a few user settings that can be used to limit what Recall collects. Some of these already existed: controls for how much disk space to use and how long to keep Recall snapshots, the ability to exclude specific apps and websites, the option for users to delete items from their Recall databases, a system tray icon that tells you when Recall is running, and the fact that most browsers won't be captured when running in private browsing mode.

One, a "sensitive content filtering" feature that attempts to "reduce passwords, national ID numbers, and credit card numbers from being stored in Recall" is new; it's based on something called Microsoft Purview Information Protection that the company offers to its enterprise users.

Image: User settings for Recall. The automated filter for sensitive information is new, though most of the settings here were already in the original version of Recall. (Credit: Microsoft)

And while we'll still need to see how the new Recall preview stands up to public scrutiny, Microsoft claims it has had the feature audited more thoroughly this time around: Microsoft's internal Offensive Research and Security Engineering Team "has conducted months of design reviews and penetration testing on Recall," and an unnamed third-party security vendor has also "perform[ed] an independent security design review and penetration test."

The one thing Microsoft's post doesn't talk about is why the Recall feature nearly launched in its original, unsecured form, why it didn't go through the normal Windows Insider testing channels, and what (if any) internal changes are being made to keep this kind of thing from happening again. We asked Microsoft this question directly but haven't received a response yet.

At around the same time as the initial Recall feature was imploding, Microsoft CEO Satya Nadella had just announced that employees were being told to "do security" when given the choice between launching something quickly or launching something that was secure. Whether this mandate can or will stand up against the company's drive to get as many AI capabilities into all of its products as quickly as possible remains to be seen, but the Recall correction is a step in that direction.

Recall is still just for new PCs

Image: The Recall timeline. (Credit: Microsoft)

Recall won't be available on the vast majority of Windows PCs—only those that meet the system requirements for the Copilot+ program will be eligible. Those requirements include 16GB of RAM, 256GB of storage, and a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS).

For now, that's only Arm Windows PCs with a Snapdragon X Plus or X Elite chip in them, or x86 PCs with Intel's Core Ultra 200V-series chips or AMD's Ryzen AI 300-series chips. These are all chips made for laptops; no company has released a desktop processor that meets the requirements.

Microsoft didn't give a specific timeline for when it would begin rolling Recall out again, but the company had previously announced that it would begin rolling out to Windows Insiders in October.

Listing image by Jason Redmond/AFP via Getty Images
