"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
Security researchers bypass Windows 11 Recall's encryption, accessing sensitive user data through an unsecured application process.
Key points
- "TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
Context
Security researchers have demonstrated a method to access the sensitive database created by Windows 11's new Recall feature, bypassing its advertised encryption protections. The tool, dubbed "TotalRecall Reloaded," exploits a side channel in the system's architecture, allowing unauthorized access to a detailed log of a user's on-screen activity. This development, confirmed by independent analysis of the tool's code, directly challenges Microsoft's assurances that the locally-stored Recall data is secure.
Recall, a flagship AI feature for upcoming Copilot+ PCs, is designed to take constant screenshots of a user's desktop, creating a searchable, photographic memory of everything seen on the computer. Microsoft has consistently stated that this data is encrypted and stored solely on the user's device. However, the researchers behind TotalRecall Reloaded illustrate a critical flaw in this security model. They argue that while the encrypted database itself—the "vault"—may be robust, the process that delivers data to and from it is vulnerable.
The core of the exploit lies in the decrypted state of the data. When the Recall feature is active, the screenshots and their processed text are decrypted from the database to be displayed to the user within the Recall application. The TotalRecall Reloaded tool intercepts this data stream. It does not crack the database encryption but instead accesses the information after it has been decrypted for use, effectively finding an open side door while the main vault door remains locked.
This vulnerability has profound implications for user privacy and device security. A malicious actor with local access to a PC—either physically or through malware—could use this method to extract a complete history of a user's actions, including passwords, private messages, financial documents, and visited websites, all from what was promised to be a secure, local system.
The situation is exacerbated by Recall's default "on" setting for most users, meaning the feature would be capturing this data without explicit, informed consent to the specific risks now revealed. The discovery forces a re-evaluation of the threat model for AI-powered features...
DEO reading
Validation decision: publish
Risk score: 0.1
The text was reconstructed from the available editorial data without adding facts not present in the source record.
Reliability indicator
Verified: high confidence. Reliable sources confirm the report.
Category: news