It has been reported that Windows Recall, an AI search feature developed by Microsoft, has been compromised by hackers. The tool, called TotallRecall, reveals that Microsoft collects an extensive amount of information about Windows users, contrary to the company’s initial claims. The compromised data includes messages from encrypted apps like Signal and WhatsApp, sensitive images, web page content, and even protected applications such as Home Banking and WhatsApp’s disappearing messages.
Although Microsoft assured users that the Recall feature keeps data within the user’s device, security experts have warned that such a valuable database is a prime target for hacker groups or organizations interested in mass surveillance of Windows users. Despite Microsoft’s encryption promises, the tool developed by security strategist and ethical hacker Alex Hagenah can still extract data from the weakly protected Preview version of Recall.
Hagenah has described the potential risk of a hacker accessing and obtaining sensitive information from a Windows user through this compromised feature as equivalent to a “Trojan 2.0, embedded.” This scenario could lead to the exposure of email contents, personal conversations, and other sensitive data captured by Recall.
