'TotalRecall Reloaded' Tool Finds a Side Entrance To Windows 11 Recall Database

Published: April 16, 2026 at 07:00 PM EDT
Source: Slashdot

Background

Two years ago, Microsoft launched its first wave of Copilot+ Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware built into newer laptop processors. These NPUs could enable AI and machine learning features that run locally rather than in the cloud, theoretically enhancing security and privacy.

One of the first Copilot+ features was Recall, which promised to track all PC usage via screenshots to help users remember past activity. However, as originally implemented, Recall was neither private nor secure; the feature stored screenshots and a massive database of user activity in unencrypted files on the user’s disk, making it trivial for anyone with remote or local access to retrieve days, weeks, or even months of sensitive data.

Recall’s Initial Flaws and Microsoft’s Response

After journalists and security researchers highlighted these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security:

  • All locally stored data is now encrypted and viewable only with Windows Hello authentication.
  • The feature better detects and excludes sensitive information (e.g., financial data) from its database.
  • Recall is turned off by default rather than enabled on every supported PC.

While the reconstituted Recall represents a big improvement, a feature that records the vast majority of PC usage still poses security and privacy risks.

TotalRecall Reloaded Tool

Security researcher Alexander Hagenah authored the original TotalRecall tool, which made it trivially simple to grab Recall information on any Windows PC. An updated version, TotalRecall Reloaded, exposes additional vulnerabilities.

Key points from Hagenah’s GitHub page:

  • The security around the Recall database itself is “rock solid.”
  • The problem lies in the AIXHost.exe process, which receives Recall data after the user authenticates. This process does not benefit from the same security protections as the database.
  • TotalRecall Reloaded injects a DLL into AIXHost.exe without requiring administrator privileges, then waits for the user to open Recall and authenticate with Windows Hello. Once authenticated, the tool can intercept screenshots, OCR’d text, and other metadata that Recall sends to AIXHost.exe, continuing even after the Recall session ends.

“The VBS enclave won’t decrypt anything without Windows Hello,” Hagenah writes. “The tool doesn’t bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it.”
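
A defender-side triage example for the injection path described above, added here and not taken from the article or from Hagenah's tool. It assumes Sysmon ImageLoad (Event ID 7) and CreateRemoteThread (Event ID 8) logging is enabled; the sample events, file paths and signer allowlist are constructed.

```python
import ntpath

TARGET = "aixhost.exe"  # process named in the article
# Assumed signer allowlist; tune to what AIXHost.exe loads in your fleet.
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}

# Constructed events using Sysmon field names (Event ID 7 = ImageLoad,
# Event ID 8 = CreateRemoteThread). All paths are invented placeholders.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Example\AIXHost.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": r"C:\Example\AIXHost.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": r"C:\Example\notes.exe",
     "ImageLoaded": r"C:\Example\plugin.dll",
     "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"},
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Downloads\tool.exe",
     "TargetImage": r"C:\Example\AIXHost.exe"},
]

def _name(path):
    # ntpath parses Windows paths correctly on any analysis host.
    return ntpath.basename(path or "").lower()

def _trusted(ev):
    return (ev.get("Signed", "").lower() == "true"
            and ev.get("SignatureStatus") == "Valid"
            and ev.get("Signature") in TRUSTED_SIGNERS)

def triage(events):
    """Return (reason, path) pairs for activity that touches AIXHost.exe."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 7 and _name(ev.get("Image")) == TARGET:
            if not _trusted(ev):
                findings.append(("untrusted-module", ev.get("ImageLoaded")))
        elif ev.get("EventID") == 8 and _name(ev.get("TargetImage")) == TARGET:
            # No admin rights are needed per the article, so the source
            # may be any process running as the same user.
            findings.append(("remote-thread", ev.get("SourceImage")))
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_EVENTS):
        print(f"{reason}: {path}")
```

Code mapped into the process without going through the Windows loader emits no ImageLoad event, so an empty result is inconclusive rather than a clean bill of health.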

Capabilities Without Authentication

  • Grab the most recent Recall screenshot.
  • Capture select metadata about the Recall database.
  • Delete the user’s entire Recall database.

Capabilities After Authentication

  • Access both newly recorded information and data previously stored in the Recall database.

Microsoft’s Statement

“We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data,” a Microsoft spokesperson told Ars Technica. “The authorization period has a timeout and anti‑hammering protection that limit the impact of malicious queries.”
