"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
Summary
Microsoft’s Windows 11 feature called Recall records users’ PC activity with screenshots to help them remember past actions. A security researcher created a tool called TotalRecall Reloaded that shows how data sent after user login can be captured, although Microsoft says this is expected behavior and not a security bug.Key Facts
- Windows 11’s Recall feature saves screenshots and activity to help users remember what they did on their PC.
- Initially, Recall stored data unencrypted, risking exposure of sensitive information.
- Microsoft updated Recall to encrypt data, require Windows Hello login, and exclude sensitive info.
- Security researcher Alexander Hagenah developed a tool called TotalRecall Reloaded that intercepts data Recall shares with another process called AIXHost.exe after user login.
- This interception does not bypass Windows Hello; it only works after the user authenticates.
- Some tasks like viewing recent screenshots can happen without Windows Hello authentication.
- Microsoft reviewed the report and determined this behavior was intended, so they do not plan to change it.
- Hagenah’s tool highlights ongoing privacy concerns about Recall’s design despite improvements.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.
