Privacy Diaries: Microsoft and Its Malicious GIFs

Debrief, published in Debrief Blog
2 min read, Apr 27, 2020

The rise of #workingfromhome has led many corporations and individuals to rely on virtual communication apps to conduct business.

With the recent downfall of Zoom, many virtual business communication applications (e.g., Slack and Microsoft Teams) have been vying for the new top spot. As we’ve learned from Zoom, major applications are not immune to security flaws and hacks.

From around the middle of February to the end of March, it was reported that Microsoft Teams had a vulnerability in its security system. Microsoft Teams is a platform where businesses and organizations operate and communicate with employees through videoconferencing, file sharing, and direct messaging.

CyberArk, an information security company, found that hackers were able to access user data through an image subdomain. Microsoft’s authentication tokens were not being used correctly for viewing images in Teams. According to Forbes, simply viewing the GIF would “force the victim’s Teams account to give up its authentication token and therefore their data.”

Omer Tsarfati, a CyberArk security researcher, states:

“Even if an attacker doesn’t gather much information from a [compromised] Teams’ account, they could use the account to traverse throughout an organization (just like a worm). Eventually, the attacker could access all the data from your organization Teams accounts — gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc.”

Thankfully, there were no reports that any user data was accessed. However, the real damage right now is to Microsoft’s reputation.

Microsoft is one of the leading technology companies in the world. They simply cannot afford to have private or valuable company information shared or easily accessed due to poor security infrastructure.

Trust in technology and communications is one of the key reasons that Debrief was created. With Microsoft Teams adopting technology like Debrief’s Middleware, it could secure the application with blockchain technology. Conversations and files shared within a company stay where they belong — within the company.

Be sure to follow Debrief on Twitter and join our Telegram to stay up to date on future announcements!
