Hagenah said he shared his findings with Microsoft in March, along with the necessary technical details and code.
Microsoft had reworked Recall after facing criticism earlier
Photo Credit: Microsoft
TotalRecall Reloaded, a tool developed by cybersecurity researcher Alexander Hagenah, has raised fresh concerns about Microsoft's Windows Recall feature and how it handles sensitive user data. The research points to potential issues in how information is accessed after authentication, even though Microsoft had redesigned Recall with stronger protections. The company reportedly views the behaviour as part of its existing system design, but the findings highlight ongoing concerns about whether features that record user activity can remain both useful and secure.
The Recall tool is built to pull data from Recall, an AI feature that takes regular snapshots of what appears on your screen so you can search through your past activity. Hagenah said his updated version can quietly run in the background and access that data once a user logs in through Windows Hello.
Microsoft had reworked Recall after facing criticism earlier, adding stronger protections like encryption, secure enclaves and biometric authentication. The company had said these changes would stop malicious software from taking advantage of a user's login to access stored data.
However, Hagenah explains that the protection does not fully work as intended. He said the system's secure storage is strong, but the boundary that controls how data is accessed breaks down too early. According to him, the tool can effectively follow a user's authentication process and then retrieve stored information.
The data Recall stores go beyond simple screenshots. It can include on-screen text, messages, emails, documents, browsing activity, timestamps, and AI-generated context, building a detailed picture of how a user interacts with their device.
Hagenah said he shared his findings with Microsoft in March 2026, along with the necessary technical details and code. He claims the company reviewed the report but did not consider it a security issue, stating that the behaviour aligns with how the system is meant to work and does not break any security boundaries.
Microsoft also said that measures like time limits and protections against repeated access help reduce the risk. Hagenah, however, disagreed and argued that these safeguards can be bypassed.
The Verge reported that the issue may stem from the way Recall delivers decrypted data to other processes after authentication. While the storage system itself remains secure, the method used to present that data could expose it to misuse.
Despite the concerns, Hagenah acknowledged that several parts of Recall's redesigned security, including its encryption and authentication model, are robust, according to the aforementioned The Verge report. He suggested that further improvements are needed in how data is handled after it leaves the secure environment.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.