When Microsoft tried to launch Recall, an AI-powered Windows feature that takes screenshots of most of what you do on your PC, it was dubbed a “disaster” for cybersecurity and a “privacy nightmare.” After a year-long delay spent redesigning and securing Recall, it is once again facing security and privacy concerns.
Cybersecurity expert Alexander Hagenah has created TotalRecall Reloaded, a tool that extracts and displays data from Recall. It is an update to the TotalRecall tool, which demonstrated all the weaknesses of the original Recall feature before Microsoft redesigned it.
Microsoft’s redesign focused on creating a secure vault for Recall data, protected by Windows Hello authentication and virtualization-based security enclaves. Recall requires users to authenticate with their face or fingerprint to access the data and to enable snapshots to be recorded. “This prohibits attempts by stealthy malware trying to ‘ride’ with user authentication to steal data,” Microsoft said in a September 2024 blog post.
“My research shows that the Vault is real, but the limits of confidence get crossed very quickly,” Hagenah says. “TotalRecall Reloaded carries that ‘latent malware’ with it.” The TotalRecall Reloaded tool can run silently in the background and activate the Recall timeline to force the user to authenticate with a Windows Hello prompt. Once authentication is complete, TotalRecall Reloaded can extract everything that Windows Recall has ever captured. “This is exactly the scenario that Microsoft’s architecture should prohibit,” Hagenah says.
Recall stores more than just screenshots, including a history of the text that appears on your screen, messages, emails, documents, browsing history, and much more. Microsoft’s changes to Recall security come months after CEO Satya Nadella told employees, “If you are faced with a tradeoff between security and another priority, your answer is clear: protect.”
Hagenah responsibly disclosed his latest findings to Microsoft last month, but the company closed the report and said it did not contain any vulnerabilities. David Weston, corporate vice president of Microsoft Security, said in a statement to The Verge, “We commend Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended security and existing controls, and do not represent bypass of security boundaries or unauthorized access to data. The authorization period has timeouts and anti-hammering protections that limit the impact of malicious queries.”
In messages to The Verge, Hagenah disputes Microsoft’s timeout protection. “I can repoll the data, and what I’m doing in my tool [is] to bypass it. And the timeouts have been fixed,” Hagenah says. “My biggest issue is still that they are saying in their official announcement that Enclave ‘prevents latent malware from coming along,’ which it clearly does not do.”
TotalRecall Reloaded can remove the latest cached Windows Recall screenshots even without Windows Hello authentication, or erase the entire capture history completely. But the type of malware Hagenah describes can sit in the background on a PC and take screenshots, with or without Windows Recall.
Microsoft doesn’t think there is a vulnerability here because that’s how Windows works. The ability of regular user-mode processes to inject code is a common and often legitimate behavior in Windows, but this flexibility also creates opportunities for abuse.
Similar infostealer malware could sit and extract 1Password data or your browsing history, if it was not detected by various other Windows security tools and memory protection efforts. The bigger concern is that Recall stores much more sensitive data than just passwords or browsing history, and Microsoft’s original promise that Recall will protect against malware in the background is flawed.
Despite the concerns, Microsoft got a lot right with its Recall redesign. “VBS Enclave is very solid,” says Hagenah. “The authentication model is stateless and race-free (thousands of checks, zero bypasses).” Hagenah thinks Microsoft can and should go one step further to meet its security design goals for Recall. “The fundamental problem is not crypto, enclaves, authentication, or PPL,” he says. “It’s sending the decrypted content to an insecure process for rendering. The door to the vault is titanium. The wall next to it is drywall.”