Microsoft's Recall feature continues to face privacy concerns
What's the story
Microsoft's AI-powered Windows feature, Recall, is facing fresh security and privacy concerns. The tool, which was designed to capture most of your PC activities as screenshots, received heavy criticism for being a "disaster" for cybersecurity and a "privacy nightmare." After a year-long redesign process to secure Recall, it is now under scrutiny again due to vulnerabilities exposed by cybersecurity expert Alexander Hagenah.
Tool launch
TotalRecall Reloaded exposes vulnerabilities in Recall
Hagenah has launched TotalRecall Reloaded, a tool that extracts and displays data from Recall. The tool is an update to the original TotalRecall that exposed all the weaknesses in Recall before Microsoft's redesign. Despite Microsoft's efforts to secure Recall data with Windows Hello authentication and a Virtualization-based Security Enclave, Hagenah's research suggests these measures may not be as effective as intended.
Security breach
Tool can extract everything Recall has captured
Hagenah claims that TotalRecall Reloaded can run silently in the background and activate the Recall timeline, forcing users into authenticating with a Windows Hello prompt. Once authenticated, the tool can extract everything that Windows Recall has ever captured. This behavior directly contradicts Microsoft's design intent for Recall's security architecture. The feature captures more than just screenshots, including messages, emails, documents, and browsing history.
Company response
Microsoft claims there was no vulnerability
After Hagenah disclosed his findings to Microsoft, the company closed the report and claimed there was no vulnerability. David Weston, Microsoft's corporate vice president of Microsoft Security, said that "After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data." He added that "the authorization period has a timeout and anti-hammering protection that limit impact of malicious queries."
Disputed protections
Challenge to Microsoft's assertions
Hagenah has challenged Microsoft's claims of timeout protections, saying he can bypass them with his tool. He also took issue with Microsoft's statement that the enclave prevents "latent malware riding along," arguing it clearly doesn't. The TotalRecall Reloaded tool can extract the latest cached Windows Recall screenshot without Windows Hello authentication or completely erase the entire capture history.