- Microsoft’s Windows 11 recall still has major security flaws, cybersecurity expert says
- TotalRecall Reloaded creator says app can force user authentication prompts, leading to recall data extractions
- Microsoft has since denied the existence of security flaws
Microsoft’s Windows 11 Recall tool has not been popular among its users since its debut in 2024, due to significant security flaws when capturing users’ private data. Ultimately, the backlash forced Microsoft to go back to the drawing board, but that apparently didn’t go very well either.
As reported by The Verge, Microsoft’s Windows Recall is back, but with new security problems, unearthed by Alexander Hagenah, the creator of the TotalRecall Reloaded application on GitHub.
The controversy surrounding Recall has primarily focused on its primary purpose: capturing all PC activity, allowing users to quickly regain what they were previously interacting with. This immediately raised a red flag for PC users as their personal data was potentially exposed to malicious hackers, and it ultimately led Microsoft to remove the feature in 2024.
Article continues below
Microsoft redesigned Recall and the feature returned in 2025 with Windows Hello Enhanced Sign-In Security active, requiring fingerprint or facial scans to access data or allow Recall to create snapshots. Microsoft also said, “this limits attempts by latent malware trying to rely on user authentication to steal data.”
However, the return of Recall still worries some people, especially security professionals.
The Verge spoke with Hagenah, who said, “My research shows that the vault is real, but the trust limit ends too soon,” and this means that the TotalRecall Reloaded tool can run in the background, force user authentication prompts, and ultimately lead to the extraction of all data from Recall.
“TotalRecall Reloaded allows this latent malware to move around,” Hagenah said. “This is precisely the scenario that Microsoft’s architecture is intended to restrict,” and after Hagenah raised these concerns with Microsoft, the company has since denied the existence of any security vulnerability.
In theory, TotalRecall Reloaded replicates the same scenario in which malicious hackers would attempt to steal personal data captured by Recall, including passwords, banking details, and other private information that users may have entered while Recall was taking screenshots.
Fortunately, Windows Recall is optional and can be disabled, but for those who use this feature, this is certainly a significant issue that could expose Microsoft to backlash again in the near future.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
