Microsoft Teams flaw exposed files, emails, and chat logs.
What Is A Collaboration Platform?
Researchers discovered a simple weakness in Microsoft Teams’ collaboration platform that could have given attackers the keys to the kingdom.
Employees are no longer expected to work in isolation; collaboration is the new normal. This emphasis on collaboration should result in increased efficiency and productivity, but only with the right tools in place.
These tools may include everything from cloud document storage to video conferencing for online meetings, and they should all work on mobile devices as well as desktops and laptops.
Above all, everything should be clear, simple to use, and reduce misunderstanding. To that end, every employee should be able to reach the right person, wherever they sit in the organization, and then resolve the issue within an agreed workflow.
Microsoft Teams And Its Security Flaw
Microsoft Office may not be the first thing that comes to mind for collaboration, but it is now at the center of Microsoft's cloud-based office suite, Microsoft 365.
Microsoft Office remains the most widely used, and therefore most important, office suite. Competitors such as OpenOffice and Google Workspace (formerly G Suite) have improved their functionality and ease of use, but they have yet to catch up with Office on either count.
Microsoft has since remediated the issue, but security firm Tenable says that, before the fix, the vulnerability exposed a wide range of personal data, including chat logs and email, as well as files shared via OneDrive or SharePoint.
In addition to exposing data, the bug could have been leveraged to take control of users' Microsoft 365 accounts. With that level of access, attackers could have sent emails from victims' accounts, enabling spear-phishing and other secondary attacks.
The exploit relies on a separate Microsoft product, Power Apps, a low-code platform intended to help developers build applications. Within Microsoft Teams, Power Apps is exposed as a tab.
Tenable's researchers found that the process for validating content loaded into a Power Apps tab was trivial to manipulate. An attacker who could spoof the trusted domain (https://make.powerapps.com) could have built a malicious Power Apps tab capable of compromising any Teams user who clicked through.
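The kind of weak trust check described above, as an added illustration rather than Microsoft's or Tenable's code: the page does not show how the tab content URL was actually validated, so the three check functions, the hypothetical attacker domains and the sample URLs below are constructed assumptions. It contrasts two common weak checks (prefix and substring matching on the trusted host name) with a strict check that parses the URL, requires HTTPS and compares the host exactly.

```javascript
// Added example: weak versus strict host checks for a tab content URL.
// The checks and sample URLs are constructed for this illustration; the page
// does not show the validation code that was actually bypassed.
const TRUSTED_HOST = "make.powerapps.com"; // the trusted domain named on the page

// Weak check 1: string prefix. Any URL that merely *starts* with the trusted
// origin passes, including hosts like make.powerapps.com.attacker.example
// (a hypothetical attacker-controlled domain) and userinfo tricks.
function weakPrefixCheck(url) {
  return url.startsWith("https://" + TRUSTED_HOST);
}

// Weak check 2: substring match. The trusted name may appear anywhere in the
// URL, for example in the query string of an attacker's page.
function weakSubstringCheck(url) {
  return url.includes(TRUSTED_HOST);
}

// Strict check: parse with the WHATWG URL parser, require https, and compare
// the parsed hostname exactly. Unparseable input is rejected, not trusted.
function strictHostCheck(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false;
  }
  return parsed.protocol === "https:" && parsed.hostname === TRUSTED_HOST;
}

// Constructed test vectors: one legitimate URL followed by spoofing attempts.
const SAMPLES = [
  "https://make.powerapps.com/environments/abc/apps",     // legitimate
  "https://make.powerapps.com.attacker.example/tab",      // look-alike subdomain
  "https://attacker.example/tab?from=make.powerapps.com", // trusted name in query
  "https://make.powerapps.com@attacker.example/tab",      // trusted name as userinfo
  "http://make.powerapps.com/tab",                        // right host, no TLS
];

// Run one check over every sample and return the verdicts in order.
function evaluate(check) {
  return SAMPLES.map((u) => check(u));
}

// Only the strict check accepts the legitimate URL alone.
console.log("prefix   :", evaluate(weakPrefixCheck));
console.log("substring:", evaluate(weakSubstringCheck));
console.log("strict   :", evaluate(strictHostCheck));
```

The strict version is the one to copy: compare the parsed `hostname`, never the raw string, and treat the scheme as part of the trust decision, since a downgraded `http://` load of the right host is still an attacker's opportunity.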
“Despite its simplicity, this vulnerability poses a significant risk as it could be leveraged to launch a number of different attacks across a variety of services, potentially exposing sensitive files and conversations, or to allow an attacker to masquerade as other users and perform actions on their behalf,” explained Evan Grant, Staff Research Engineer at Tenable.
“Given the number of access tokens this vulnerability exposes, there are likely to be other creative and serious potential attacks not explored in our proofs-of-concept.”
The silver lining is that only someone with permission to create Power Apps tabs could have exploited the vulnerability. Insider attacks are common, but this means the flaw could not have been exploited by an unauthenticated third party.