New report alleges Microsoft Recall is still screenshotting credit card numbers and passwords
Microsoft Recall's security woes have come back to the fore after a test caught the AI screenshotting tool capturing sensitive data (again). Ahead of its public beta release in April, Microsoft made a slew of security updates to Recall, including adding a filter that's supposed to block Recall from recording passwords, credit card info, social security numbers, and similar sensitive data. It looks like more fine-tuning is still needed.
The Register's Avram Piltch conducted an in-depth security test on Recall that revealed the AI doesn't always filter out sensitive data. The filter was usually successful when keywords like "password" or "pay" were on screen, but whenever they weren't, Recall often misfired and took a screenshot. For instance, it screenshotted a text document with a list of usernames and passwords that weren't labeled.
It makes sense that Microsoft's AI might rely on searching for visual hints like the word "password" to recognize when sensitive info is on screen. However, that's clearly a hit-or-miss strategy. If those keywords aren't displayed the way the AI expects or they're completely missing, there's a decent chance the filter won't work. That means you really never know if Recall is going to correctly filter out your sensitive data or not.
