"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
Key Points:
- Microsoft’s Copilot+ Windows PCs include a feature called Recall that records extensive user activity via screenshots to help users remember past actions, but initially stored this data unencrypted, posing significant security and privacy risks.
- After security researchers exposed these flaws, Microsoft delayed Recall’s rollout and enhanced its security by encrypting locally stored data, requiring Windows Hello authentication, excluding sensitive information, and disabling Recall by default.
- Security researcher Alexander Hagenah developed the TotalRecall Reloaded tool, which exploits a vulnerability in the AIXHost.exe process that handles Recall data. Once the user has authenticated, the tool can intercept screenshots and metadata without admin privileges.
- Microsoft has stated that Hagenah’s findings do not constitute a security vulnerability and has no plans to fix the issue, emphasizing existing protections like timeouts and anti-hammering controls to limit abuse.
- Despite improved security, Recall remains a privacy risk since anyone with PC access and Windows Hello credentials can view extensive user data, prompting some app developers, including Signal Messenger, to block Recall from capturing their app content.