Join The Club
Remember Windows Recall? The AI feature that essentially screenshots nearly everything you do on your PC in order to present users with a timeline of activity they can rewind back through? It was meant to be available on Copilot+ AI PCs from June 2024 but got, ahem, recalled a number of times amid cybersecurity concerns. The feature has since been redesigned, but security researchers are raising the alarm again.
Windows Insiders have had access to the redesigned Recall since last year, but allegedly the more things change, the more they stay the same. Case in point, after already breaking the original Recall, security researcher Alexander Hagenah has created another tool that can expose the refreshed Recall's various vulnerabilities by extracting and displaying the data it captures (via The Verge).
Unfortunately, Hagenah says, "My research shows that the vault is real, but the trust boundary ends too early.”
Hagenah's tool is called TotalRecall Reloaded, but how does it work? Very simply, it will camp out quietly in the background of your desktop, and then ride the coat tails of your access to the Recall timeline when you next open the 'locked box' via a Windows Hello prompt. From there, TotalRecall Reloaded can reportedly snaffle the contents of the entire vault like a hydrocolloid bandage on a zit.
Microsoft wrote back in 2024 that asking users for biometric credentials each time they want to access Recall would restrict "attempts by latent malware trying to ’ride along’ with a user authentication to steal data." Unfortunately, Hagenah says his tool creates "precisely the scenario Microsoft’s architecture is supposed to restrict."
As such, Hagenah claims he responsibly disclosed his security research to Microsoft last month—but this leads me to perhaps the most infuriating twist in this tale. According to Hagenah, Microsoft told him that what he found was 'not a vulnerability'.
In a statement to The Verge, Microsoft Security's corporate vice president David Weston said, "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.”
Given that Recall can hoard everything from browsing history, to whatever text may have crossed your screen in the form of emails, private messages, and so on, it may be difficult to understand Microsoft's stance here. Though in its view, this doesn't qualify as a vulnerability.
At the risk of over-simplifying, TotalRecall Reloaded isn't forcing Windows to do anything it doesn't already do, and a fully fledged fix would likely involve overhauling the OS's foundations. Microsoft is also hoping that prompting for biometric credentials every time a user wants to use Recall will curtail malicious activity.
To Microsoft's credit, Hagenah did praise Recall's "rock solid" VBS Enclave—though the issue isn't that the 'locked box' has a dodgy door. “The fundamental problem isn’t the crypto, the enclave, the authentication, or the PPL. It’s sending decrypted content to an unprotected process for rendering," Hagenah says, "The vault door is titanium. The wall next to it is drywall.”
1. Best gaming chair: Secretlab Titan Evo
2. Best gaming desk: Secretlab Magnus Pro XL
3. Best gaming headset: Razer BlackShark V3
4. Best gaming keyboard: Asus ROG Strix Scope II 96 Wireless
5. Best gaming mouse: Razer DeathAdder V4 Pro
6. Best PC controller: GameSir G7 Pro
7. Best steering wheel: Logitech G Pro Racing Wheel
8. Best microphone: Shure MV6 USB Gaming Microphone
9. Best webcam: Elgato Facecam MK.2
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
