Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Meta is playing the AI game with house money

    July 30, 2025

    Ready or not, age verification is rolling out across the internet

    July 30, 2025

    Dropbox is shutting down its password manager

    July 30, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Microsoft’s Recall Feature Is Even More Hackable Than You Thought
    Security

    Microsoft’s Recall Feature Is Even More Hackable Than You Thought

    News RoomBy News RoomJune 10, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Microsoft’s CEO Satya Nadella has hailed the company’s new Recall feature, which stores a history of your computer desktop and makes it available to AI for analysis, as “photographic memory” for your PC. Within the cybersecurity community, meanwhile, the notion of a tool that silently takes a screenshot of your desktop every five seconds has been hailed as a hacker’s dream come true and the worst product idea in recent memory.

    Now, security researchers have pointed out that even the one remaining security safeguard meant to protect that feature from exploitation can be trivially defeated.

    Since Recall was first announced last month, the cybersecurity world has pointed out that if a hacker can install malicious software to gain a foothold on a target machine with the feature enabled, they can quickly gain access to the user’s entire history stored by the function. The only barrier, it seemed, to that high-resolution view of a victim’s entire life at the keyboard was that accessing Recall’s data required administrator privileges on a user’s machine. That meant malware without that higher-level privilege would trigger a permission pop-up, allowing users to prevent access, and that malware would also likely be blocked by default from accessing the data on most corporate machines.

    Then on Wednesday, James Forshaw, a researcher with Google’s Project Zero vulnerability research team, published an update to a blog post pointing out that he had found methods for accessing Recall data without administrator privileges—essentially stripping away even that last fig leaf of protection. “No admin required ;-)” the post concluded.

    “Damn,” Forshaw added on Mastodon. “I really thought the Recall database security would at least be, you know, secure.”

    Forshaw’s blog post described two different techniques to bypass the administrator privilege requirement, both of which exploit ways of defeating a basic security function in Windows known as access control lists that determine which elements on a computer require which privileges to read and alter. One of Forshaw’s methods exploits an exception to those control lists, temporarily impersonating a program on Windows machines called AIXHost.exe that can access even restricted databases. Another is even simpler: Forshaw points out that because the Recall data stored on a machine is considered to belong to the user, a hacker with the same privileges as the user could simply rewrite the access control lists on a target machine to grant themselves access to the full database.

    That second, simpler bypass technique “is just mindblowing, to be honest,” says Alex Hagenah, a cybersecurity strategist and ethical hacker. Hagenah recently built a proof-of-concept hacker tool called TotalRecall designed to show that someone who gained access to a victim’s machine with Recall could immediately siphon out all the user’s history recorded by the feature. Hagenah’s tool, however, still required that hackers find another way to gain administrator privileges through a so-called “privilege escalation” technique before his tool would work.

    With Forshaw’s technique, “you don’t need any privilege escalation, no pop-up, nothing,” says Hagenah. “This would make sense to implement in the tool for a bad guy.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleKeychron’s Q1 HE Marks a Turning Point for Mechanical Keyboards
    Next Article Leaked Google Pixel Watch 3 renders suggest it will get thicker but not bigger

    Related Posts

    Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

    July 29, 2025

    DHS Faces New Pressure Over DNA Taken From Immigrant Children

    July 25, 2025

    At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

    July 24, 2025

    China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

    July 23, 2025

    How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

    July 21, 2025

    Hackers Are Finding New Ways to Hide Malware in DNS Records

    July 19, 2025
    Our Picks

    Ready or not, age verification is rolling out across the internet

    July 30, 2025

    Dropbox is shutting down its password manager

    July 30, 2025

    Spotify’s terrible privacy settings just leaked Palmer Luckey’s bops and bangers

    July 30, 2025

    Microsoft reports strong cloud earnings, with Windows and Xbox up too

    July 30, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Layoffs hit CNET as its parent company goes on a buying spree

    By News RoomJuly 30, 2025

    Ziff Davis, the media conglomerate that owns outlets like CNET, ZDNET, PCMag, and Mashable is…

    How Do You Live a Happier Life? Notice What Was There All Along

    July 30, 2025

    Microsoft is getting ready for GPT-5 with a new Copilot smart mode

    July 30, 2025

    Google is using AI age checks to lock down user accounts

    July 30, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.