Microsoft Recall’s “sensitive information” filter failing to recognize credit card numbers


The controversial Microsoft Recall feature fails to filter personal data and still captures screenshots of credit card and Social Security numbers even with the “sensitive information” filter enabled, Tom’s Hardware reports.

Microsoft Recall is an AI-powered Windows 11 feature that takes screenshots of the user’s screen every few seconds, allowing later retrieval of items and information previously seen. When first introduced, the Recall feature was supposed to be enabled by default, but it was labeled as a “privacy nightmare” with little security.

Due to a public outcry and privacy concerns, Microsoft postponed the feature and introduced security upgrades. It’s no longer enabled by default.

The new Recall version, now available for Windows Insiders, uses encryption and comes with a “Filter sensitive information” option.

Despite all this, when Tom’s Hardware editor-in-chief Avram Piltch entered a credit card number, labeled “Capital One Visa,” and a random username/password combination into a Windows Notepad window, Recall still captured them.

The same happened when filling out a loan application – Recall captured Social Security numbers and other private information in the PDF document open in the Edge browser. The same findings were observed with actual credit card data.

Recall also captured snapshots with sensitive data from a custom HTML page asking to enter credit card information. However, it did not capture the same details on two tested actual online stores.


While the updated feature encrypts captured data and requires biometric login to access it, concerns remain about its potential security flaws and misuse. According to the report, bad actors could gain access to the system and bypass biometric checks with a PIN code.

In its blog post, Microsoft seems to acknowledge that Recall still has issues and promises to continue improving this functionality. The company is asking users to report findings about sensitive information being captured and other feedback through its Feedback Hub.
