Microsoft officially addressed a security vulnerability that may have been exploited by hackers. The vulnerability allowed attackers to send specially crafted links or GIF images to Microsoft Teams accounts and then hijack them. While the sending of the link or images was simple for attackers, the crafting of the attack required multiple steps that would make the attack very hard for hackers.
“We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe,” said a Microsoft spokesperson in a report by SecurityWeek.
Watch: Secret Android Features you didn’t know about
Microsoft Teams is one of those really useful tools being put to use during the ongoing Coronavirus Pandemic. As lockdowns are imposed across most of the globe, people are working from home and using tools like Microsoft Teams and Slack to maintain coordination between workgroups. As a result, the user base of these apps has also gone up by quite a bit since the lockdowns came into action.
With many people using Microsoft Teams, a security vulnerability as such starts to look more dangerous. The hijacking of key Teams accounts could lead to chaos in many companies. Researchers at CyberArk, a company that specializes in security solutions discovered the flaw. The vulnerability works by passing authentication access tokens to image resources.
This very vulnerability may be exploited by an attacker to create links or GIFs. These could be used to send authentication tokens to servers. When such malicious links are sent, the user is fooled by clicking on the link and following it. However, the GIFs are much more dangerous as they simply need to be read in the Microsoft Teams chat, and the token will be sent to attackers.
Once obtained, hackers may use the token to hijack the victim’s account through the Teams API interfaces. The attacker can use this method to read the user’s Teams messages and send messages on their behalf. They may also create groups and add or remove users from existing groups. Moreover, the attack can also be automated to spread to other Teams users in the organization.