Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Windows Recall stores everything you do on a plain text database? Let’s see how hard is that to hack
Apparently, the database has no encryption or extra protection
2 min. read
Published onMay 31, 2024
published onMay 31, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Following user uncertainty regarding the Windows Recall feature,Microsoft calmed everybody, stating that the data collected by Windows Recall is only available locally on your PC. However, what we didn’t know, and just found out fromKevin Beumont on X, that data is far from being safe.
Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.HT detectivepic.twitter.com/Njv2C9myxQ
How does Windows Recall stores your data?
Allegedly, the date is stored on a flimsy plain text database that can be grabbed with an automated tool as simple as picking apples from a tree.
The caption posted by Beaumont, we can see that he was able to access all PC actions and app usage with some detail on the side, to make everything even more spicy. The coder explains this simple hack in a later post:
It’s just an SQLite database, feature ships in a few weeks – I’ve already modded it into an Infostealer hosted on Microsoft’s Github (a few lines of code).
And this is not all! He states that even the WhatsApp, Signal and Teams messages are recorded by Windows Recall:
I’ve tested this with messaging apps like WhatsApp, Signal and Teams. Somebody message you with disappearing messages? They’re recorded anyway. Write a disappearing message? It’s recorded. Delete a message? It’s recorded.
Beaumont also described the whole process on aMastodon thread, where Albacore confirmed this hack.
Long story short, someone would still hack into your machine or your network and if your PC has shared resources, all your history with actions and messages are up for grabs. So, no additional security protection? No kind of encryption? Well, until Microsoft makes things a lot more clear in this department, here’s our guide onhow to disable Windows 11 Recall.
Will you keep the Windows Recall feature enabled? Write your thoughts in the comments section below.
More about the topics:windows recall
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.
His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.
With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, with 14 years of experience in writing on everything there is to know about science, technology, and Microsoft
