Microsoft just recently provided a fix to a security flaw in its Microsoft Teams app that could be initiated using GIFs. Funny right? But hackers could employ .GIF files in taking over over user accounts.
They could use these seemingly harmless GIFs to attract people and make their accounts vulnerable to attacks.
Cybersecurity researchers from CyberArk had revealed that a subdomain takeover vulnerability, combined with a malicious .GIF file could be used to “scrape a user’s data and ultimately take over an organization’s entire roster of Teams accounts.”
According to CyberArk, when examining the platform, they discovered that each time the Microsoft Teams application was opened, the Teams client creates a new temporary access token which is authenticated via login.microsoftonline.com.
The Teams client also generates other tokens to access supported services such as SharePoint and Outlook.
Also Read:
– Why India’s Reliance Jio Is Getting $5.7 Billion Investment From Facebook
– Microsoft’s Retail Employees Have Trained Over 65,000 People In Remote Working
– How To Use Microsoft Teams: Tips For Beginners Working from Home
Microsoft Teams in acknowledging the security flaw says, “If an attacker can somehow force a user to visit the subdomains that have been taken over, the victim’s browser will send this cookie to the attacker’s server, and the attacker (after receiving the authtoken) can create a Skype token. After doing all of this, the attacker can steal the victim’s Team’s account data.”
The User will only see the GIF and wouldn’t know an attack is about to happen. This is perhaps the most frightening aspect of the attack.
“They will never know that he or she has been attacked – making this vulnerability… very dangerous,” Microsoft said.
CyberArk says that it informed Microsoft about the vulnerability on 23rd March 2020. Microsoft released a patch to fix the flaw just last week. However, so far, no evidence shows that malicious hackers ever took advantage of the issue.
Microsoft Teams and other collaboration tools have seen a surge in use due to more people working from home. The COVID-19 pandemic and fears of its transmission have forced governments to lockdown cities and restrict movement. Companies and Individuals use apps like Zoom, Skype and Teams to collaborate and keep up in spite of the distance.
For your daily dose of tech, lifestyle and trending content, make sure to follow Plat4om on Twitter @Plat4omLive, on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us at info@plat4om.com. Finally, don’t forget to subscribe to our YouTube channel HERE.