Keyloggers

Microsoft Teams Patches Funny GIFs Cyber-Attack Flaw

Microsoft fixes security flaws in Microsoft Teams which could allow hackers to take over user accounts.

To keep the economy running and to save thousands of lives, companies were forced to switch to working remotely. The biggest challenge in doing so was to make this switch safe and effective. Resolving communication problems was a cornerstone issue, for this video conferencing software are used. Zoom was amongst the top apps but, due to various privacy issues and ZoomBombing competitors got a chance to surface.

But it seems they haven’t learned anything from Zoom flaws as rivals also have errors. A recent flaw detected by Security firm CyberArk shows Microsoft Teams can be hacked via GIFs.

However, the relevant vulnerability was patched on April 20th but we cannot ignore the fact that hackers are targeting and focusing on exploiting video conferencing software. Once these video call software are attacked hackers can access an enormous amount of data. Therefore, companies need to keep a check on vulnerabilities and fix them from time to time.

What’s the malicious GIF?

The vulnerability detected in Microsoft Teams affects both web browsers and desktop versions. To access user’s data attackers, try to leverage a subdomain vulnerability in Microsoft Teams. Taking advantage of this, hackers can send malicious GIFs to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.

The major problem is caused by the way Microsoft handles authentication tokens for viewing images.  These tokens are handled by Microsoft servers located at teams.microsfot.com or subdomain addresses:

aadsync-test.teams.microsoft.com 

data-dev.teams.microsoft.com

If an attacker can manipulate a target into visiting a hijacked subdomain, the authentication tokens could then be passed to attackers’ server, granting them access to steal victim’s data.

How Hackers Target Users?

Phishing is the most obvious way of targeting users and making them visit a compromised site. But in this case, CyberArk’s researchers found that just by viewing the GIF victim’s data will be leaked. This is because GIFs source will be a compromised subdomain and Teams will automatically contact them to view images.

Donald Duck GIF used by CyberArk for its hack

What Is Microsoft Teams?

Microsoft Teams is a leading communication and collaboration platform. Using it you can make video calls, chat with other members, share files, etc. Moreover, Microsoft Teams provide first-party integration with a company’s Office 365 subscription.

Read:

How to use Microsoft Teams

How to change video background in Microsoft Teams

How Dangerous Is This Worm-Like Vulnerability?

This vulnerability is one of the scariest exploits as it spreads like a worm virus. Not only this, just by viewing the GIF data can be compromised and the user will not get to know that they are attacked.

However, there’s no indication of anyone being affected but this doesn’t mean there is nothing to worry. As we are working from home, we are more vulnerable to be attacked and hackers will not stop at any cost. Hence we need to pay attention to data security.

Who Could It Affect?

Everyone who uses Microsoft Teams on a web browser or on desktop are at risk.

COVID-19 is forcing companies to work remotely and for this, we have to use such software but we cannot forget about security.

This time we are lucky but this won’t be the case always, therefore, when sharing any information be sure the portal is safe and keep an eye of suspicion on everything. This will help stay secure.

Leave a comment