When Recall, Windows 11's flagship AI feature, was released in 2024 alongside the first wave of Copilot+ computers, users met it with a lot of skepticism, which later turned into a lot of problems for Microsoft when security researchers showed how easy it was to extract all of a user's data.
This forced Microsoft to recall Recall, that is, to withdraw the feature and re-release it months later with new security measures.
But even these security measures are not enough.
A recently updated tool, aptly named TotalRecall, proves that the data captured by Windows Recall remains insecure.
Alexander Hagenah published his application on GitHub, revealing that although Recall information appears to be stored securely, the way Windows 11 delivers the data is very easy to crack, and Microsoft has no problem with that.
The updated version of TotalRecall, which is now publicly available, uses the AIXHost.exe process to obtain all the application snapshots. The researcher explains that “the process that renders the Recall timeline has no PPL, AppContainer, or code integrity enforcement, which allows code injection and data extraction once the user authenticates with Windows Hello.”
The idea is that the tool stays in the background, waits for the user to authenticate (say, to use Recall as intended), and then siphons off the data without any problems.
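For defenders, one way to get visibility into the behaviour described above is a Sysmon rule that logs cross-process handle opens and remote thread creation aimed at AIXHost.exe. This is an added example, not part of TotalRecall or of any Microsoft guidance; the schema version, the rule group names, and the premise that injection shows up as a cross-process handle or remote thread are assumptions.

```xml
<!-- Added example: Sysmon configuration fragment (assumes Sysmon 15.x, schema 4.90). -->
<!-- Merge into an existing configuration rather than replacing it. -->
<Sysmon schemaversion="4.90">
  <EventFiltering>

    <!-- Event ID 10 (ProcessAccess): any process opening a handle to AIXHost.exe. -->
    <!-- Matching on the file name only, because the page does not give the full path. -->
    <RuleGroup name="Recall-AIXHost-HandleOpen" groupRelation="or">
      <ProcessAccess onmatch="include">
        <TargetImage condition="end with">\AIXHost.exe</TargetImage>
      </ProcessAccess>
    </RuleGroup>

    <!-- Event ID 8 (CreateRemoteThread): a thread started in AIXHost.exe by another process. -->
    <RuleGroup name="Recall-AIXHost-RemoteThread" groupRelation="or">
      <CreateRemoteThread onmatch="include">
        <TargetImage condition="end with">\AIXHost.exe</TargetImage>
      </CreateRemoteThread>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Expect benign Event ID 10 entries from system and endpoint-security processes; triage on SourceImage and GrantedAccess, and treat any Event ID 8 against this process as worth investigating.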
Alexander Hagenah submitted his findings to Microsoft before making them public, but the company stated that TotalRecall is not a security bypass or vulnerability.
Now, TotalRecall Reloaded is publicly available and you can get it from GitHub.

