Criticism of Teams & Slack security:


Secure applications?

A recent study on Microsoft Teams and Slack criticizes the security of both apps. In part, they have serious gaps that the companies know about.


A recent study on the security of the app models used in corporate communications criticizes the applications Slack and Microsoft Teams. According to the study, they are not secure enough to protect users from attacks on sensitive company data.

The underlying research, which was picked up by the news site WIRED, shows in part troubling gaps in the respective security models of Slack and Teams, from a lack of verification of third-party app code to default settings that allow any user to install potentially dangerous apps for an entire workspace.

Furthermore, the researchers criticized that in both Slack and Teams, third-party apps could, once installed, potentially post messages as a user, hijack the functionality of other legitimate apps, or even access content in private channels (specifically in the case of Slack), although the app itself was never granted such permission.

This is concerning because many companies have depended on applications such as Teams or Slack, especially since the beginning of the pandemic. Not only is sensitive information from private individuals collected and shared there, but company resources as well. In many cases, several applications are linked in order to communicate across many channels.

When asked by WIRED, Slack pointed out that it has a collection of approved apps. These are available in the Slack App Directory and are thoroughly screened for security and suspicious behavior prior to inclusion. Slack therefore strongly recommends installing only approved apps and allowing changes only with admin rights.


However, the study states that Slack's verification of the applications is only superficial, because Slack itself does not have access to the actual code of the apps. In both Slack and Teams, it is also possible by default to add other apps to a workspace that do not need to be checked further.

Compared to the App Store on iOS devices or Google Play, the security model of applications such as Slack or Teams is therefore said to be "five to six years behind", which is a downright scathing judgment for both companies.

Microsoft and Slack knew about the study

Microsoft has not yet commented on the study. According to the researchers, the results were communicated to Microsoft and Slack in advance. Both companies are said to have stated that they are dealing with the problem but do not define it as a security vulnerability, since it is based on the knowing actions of the users.

According to the researchers, however, this view places the entire responsibility in the hands of the users and administrators when it comes to evaluating apps. They are even less able to recognize the legitimacy of unknown apps.


Some of the problems could reportedly be fixed by "relatively simple patches". However, if the Slack and Teams applications are still hosted on third-party servers, the "deeper problem" remains. Therefore, Teams and Slack would have to fundamentally overhaul their app model in order to guarantee more security.

9/27/2022 by Laura Pippig

Reference-www.pc-magazin.de