Become a TechRadar Insider
- Microsoft's Windows 11 Recall still has major security flaws, according to cybersecurity expert
- TotalRecall Reloaded's creator states the application can force user authentication prompts, leading to Recall data extractions
- Microsoft has since denied that there are any security flaws
Microsoft's Windows 11 Recall tool hasn't been popular among its users ever since its debut in 2024, due to substantial security flaws when capturing private user data. Ultimately, the backlash forced Microsoft back to the drawing board, but that seemingly hasn't panned out too well, either.
As reported by The Verge, Microsoft's Windows Recall is back, but with new security concerns, unearthed by Alexander Hagenah, the creator of the TotalRecall Reloaded application on GitHub.
The controversy around Recall mainly focused on its prime purpose: to snapshot all PC activity, allowing users to quickly find what they were previously interacting with. This immediately raised red flags for PC users over their personal data potentially being exposed to malicious hackers, and it ultimately led to Microsoft removing the feature in 2024.
Article continues belowMicrosoft redesigned Recall, and the feature made its return in 2025 with the Windows Hello Enhanced Sign-In Security feature active, requiring fingerprint or face scans to access data or enable Recall to make snapshots. Microsoft also stated, "this restricts attempts by latent malware trying to ride along with a user authentication to steal data".
However, the return of Recall still has some people, including security professionals, concerned.
The Verge spoke with Hagenah, who stated: "My research shows that the vault is real, but the trust boundary ends too early," and what this means is the TotalRecall Reloaded tool can run in the background, force user authentication prompts, and eventually lead to all data from Recall being extracted.
"TotalRecall Reloaded makes that latent malware ride along," Hagenah said. "That is precisely the scenario Microsoft's architecture is supposed to restrict," and after Hagenah raised these concerns with Microsoft, the company has since denied that there is any security flaw.
In theory, TotalRecall Reloaded replicates the same scenario where malicious hackers would attempt to steal personal data that Recall has captured, including passwords, bank details, and other private information users may have entered while Recall was taking screenshots.
Fortunately, Windows Recall is optional and can be disabled, but for those using the feature, it's certainly a significant concern that might leave Microsoft facing backlash in the near future once again.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.