- Microsoft’s Windows 11 recall still has major security flaws, cybersecurity expert says
- The creator of TotalRecall Reloaded claims that the app can force user authentication requests, leading to Recall data extractions.
- Microsoft has since denied that any security flaws exist.
Microsoft’s Windows 11 recovery tool has not been popular among its users since its debut in 2024, due to major security flaws in capturing users’ private data. Ultimately, the backlash forced Microsoft to go back to the drawing board, but apparently that hasn’t worked out very well either.
As reported by The Verge, Microsoft’s Windows Recall is back, but with new security concerns, discovered by Alexander Hagenah, the creator of the TotalRecall Reloaded app on GitHub.
The controversy around Recall focused primarily on its primary purpose: taking a snapshot of all PC activity, allowing users to quickly find what they were previously interacting with. This immediately raised red flags for PC users about the possibility of their personal data being exposed to malicious hackers and ultimately led to Microsoft removing the feature in 2024.
Article continues below.
Microsoft redesigned Recall and the feature returned in 2025 with the Windows Hello enhanced sign-in security feature active, which requires fingerprint or face scans to access data or allow Recall to take snapshots. Microsoft also stated that “this restricts attempts by latent malware that attempts to accompany a user’s authentication to steal data.”
However, Recall’s return still worries some people, including security professionals.
The Verge spoke with Hagenah who stated, “My research shows that the vault is real, but the trust limit ends too soon,” and what this means is that the TotalRecall Reloaded tool can run in the background, force user authentication requests, and eventually extract all of the Recall data.
“TotalRecall Reloaded keeps latent malware moving forward,” Hagenah said. “That is precisely the scenario that Microsoft’s architecture is supposed to restrict,” and after Hagenah raised these concerns with Microsoft, the company has since denied that any security flaw exists.
In theory, TotalRecall Reloaded replicates the same scenario where malicious hackers would attempt to steal personal data that Recall has captured, including passwords, banking details, and other private information that users may have entered while Recall was taking screenshots.
Fortunately, Windows Recall is optional and can be disabled, but for those who use this feature, it is certainly a major concern that could leave Microsoft facing backlash in the near future once again.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
