- Microsoft’s Windows 11 Recall still has major security flaws, according to a cybersecurity expert
- TotalRecall Reloaded’s creator says the application can force user authentication prompts, leading to Recall data extraction
- Microsoft has since denied that there is a security flaw
Microsoft’s Windows 11 Recall tool has been unpopular with users ever since its debut in 2024 because of significant security flaws in how it collects private user data. The backlash eventually forced Microsoft back to the drawing board, but the redesign doesn’t seem to have worked out too well either.
As reported by The Verge, Microsoft’s Windows Recall is back, but with new security issues, uncovered by Alexander Hagenah, the creator of the TotalRecall Reloaded application on GitHub.
The controversy surrounding Recall focused mainly on its primary purpose: to snapshot all PC activity so that users could quickly find what they previously interacted with. This immediately raised red flags for PC users that their personal data was potentially exposed to malicious hackers, and ultimately led to Microsoft removing the feature in 2024.
Microsoft redesigned Recall and the feature returned in 2025 with the Windows Hello Enhanced Sign-In Security feature enabled, requiring fingerprints or face scans to access data or enable Recall to take snapshots. Microsoft also stated, “this limits attempts by latent malware that try to run alongside a user authentication to steal data”.
But the return of Recall still has some people, including security professionals, worried.
The Verge spoke with Hagenah, who stated, “My research shows that the vault is real, but the confidence limit ends prematurely,” meaning that the TotalRecall Reloaded tool can run in the background and force user authentication prompts, ultimately leading to all data from Recall being extracted.
“TotalRecall Reloaded gets the latent malware running,” Hagenah said. “That’s exactly the scenario that Microsoft’s architecture is supposed to limit.” After Hagenah raised those concerns with Microsoft, the company denied that there is any security flaw.
In theory, TotalRecall Reloaded replicates the scenario in which malicious hackers try to steal personal data that Recall has captured, including passwords, bank details, and other private information that users may have entered while Recall was taking screenshots.
Fortunately, Windows Recall is optional and can be disabled, but for those who use the feature, it’s certainly a significant concern that could cause Microsoft to face backlash again in the near future.




