Can a GIF in Microsoft Teams could let your Firm be Hijacked by Hackers?

Word is Microsoft Teams patched a hole that could have let hackers to compromise and steal data even with a harmless .GIF image.

About the Microsoft Teams

Microsoft Teams is a leading communication and collaboration platform involving persistent workspace chat, video meetings, file storage, and collaboration on files. Microsoft Teams is quite popular for its first-party integration with the company's office 365 subscription. It also features an extension that integrates non-Microsoft funds.

Figure 1: Microsoft Teams

About the Incident

Team, Slack, or Zoom? Which of the platforms are you using? All these platforms are popular for conducting businesses. With the pandemic going on, every business is working hard to stay connected to the employees, consumers, and customers.

From remote learning to job interviews everything is being held from the end of the couch. With the given circumstances, the demand for these platforms has risen drastically.

Unfortunately, a flaw, both in the desktop and web browser edition of Microsoft Teams, was exploited to read user's messages, pretending to be former users, create groups, and control Teams accounts in various ways by malicious hackers.

According to the threat researcher at CyberArk, even a single .GIF image could have been enough for multiple business hijacks and traversing through an organization like a worm.

All a user is expected to do is to glance at the .GIF image via Microsoft Teams, letting hackers steal authenticated tokens and increasing the ability to spread through an organization.

For a hacker to succeed in the attack, hackers need to have an already compromised subdomain belonging to the targeted organization. The need to leverage an organization at a vulnerable subdomain significantly reduces the ability of the attacker to pull off an attack.

Fortunately, it does underline the significance of properly auditing what subdomains might exist in the organization. Even though, which were initially set up for testing and development purposes.

The vulnerability was disclosed on March 23rd. That being said, Microsoft patched the security hole within a month. Additionally, they claim that there is no evidence that the vulnerability was exploited in the wild by any criminal.