Red Alert! Windows Recall Has Already Been Hacked, Here’s All We Know

Microsoft’s new controversial Recall feature is so far only facing problems. This might be because the feature is a problem in and of itself, however, Microsoft won’t admit it. People online have already categorized it as spyware as there have been many privacy concerns over the encryption of the stored data. Before the official release of Recall, security researchers have already shown a massive lapse in security with the new feature.

Going even further, Alex Hagenah, a white hacker, has released a tool, cleverly called Total Recall, just like the 1990 movie and its 2012 remake. The tool can extract all the information that’s supposedly encrypted on your drive, in the span of a few minutes.

It then puts all the data in an SQLite database for you to search through. You can download it as well as check out the description of the tool on GitHub. Key takeaways include that there is 0 encryption, with all the data being saved as plain text. If that’s not a security vulnerability, we don’t know what is.


Text messages, usernames, emails, nothing is safe, as the database is accompanied by screenshots. The screenshots can include messages from encrypted messaging platforms like Skype, Telegram, and others, even if you’ve already deleted entire conversations or singular texts. Thankfully, while there’s a complete lack of encryption, no data has been sent to Microsoft servers, as Recall is running entirely locally on your device. This is good because if servers were included in the picture, it would be much easier for hackers to intercept the files and look through them, exposing pretty much everything on your laptop. There is a filtering feature that stops Recall from taking records of certain apps, which works too.

However, not many people will know about this and not even tinker with the Recall settings, leaving all of their info for malicious third parties to take advantage of. Microsoft Recall demands a lot of trust from the consumers, which Microsoft just hasn’t earned. Their software has caused multiple US government data leaks, so deploying what can essentially be taken as spyware to consumer devices should worry consumers.

So, Here’s how to turn off Recall

Notify of
Inline Feedbacks
View all comments