MS Teams fixes GIF File Bug


Microsoft has fixed a security flaw in the Teams collaboration service, which could allow a hacker to hijack user accounts by using a malicious image as bait in a chat channel. The security flaw in Microsoft Teams was recently identified by CyberArk Software, a cyber security provider.

Microsoft Teams has an authentication mechanism that ensures users can view images shared with them in a chat channel. After verifying that a person has access rights, the mechanism assigns them a unique authentication token.

According to a report published by CyberArk, a potential hacker can use this unique image-viewing token to gain access to the user’s Microsoft Teams account. After gaining access, hackers can read victims’ messages, send messages on their behalf to colleagues and compromise more Teams users in their company. This vulnerability could have spread like a worm had it not been fixed by Microsoft’s timely intervention.

How do hackers gain access?

First, this vulnerability can be exploited only by compromising a poorly protected user account or by tricking a worker into sending an invite via a phishing email.

Once inside, an attacker can post a GIF image file to the chat room with a malicious HTML attribute to hijack the image-viewing tokens of all the users who view the image. After the victim opens this message, their browser will try to load the image while simultaneously sending the ‘authtoken’ cookie to the compromised Microsoft Teams sub-domain.

However, this malicious image can send data only to the sub-domains linked to MS Teams servers, which makes it a complex attack. CyberArk was able to identify two vulnerable Teams sub-domains that could have been targeted if the fix had not been released.
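Why the token only travels to related sub-domains comes down to browser cookie scoping. The following is an added example, not code from the article, CyberArk or Microsoft: it applies the RFC 6265 domain-match rule to list which hosts in an inventory would receive a session cookie, assuming the cookie is set with a `Domain` attribute covering a parent domain. All host names and the token value are constructed placeholders.

```javascript
// Added example: RFC 6265 cookie scoping audit. Hosts and values are constructed placeholders.

// RFC 6265 section 5.1.3: host matches if identical, or if it ends with "." + domain.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Parse one Set-Cookie header as received from originHost.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), hostOnly: true,
                   domain: originHost.toLowerCase(), secure: false };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "domain" && v.trim() !== "") {
      // A Domain attribute widens the scope from one host to every sub-domain.
      cookie.domain = v.trim().replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// Would a browser attach the cookie to a request (such as an image load) for requestHost?
function isSentTo(cookie, requestHost, https = true) {
  if (cookie.secure && !https) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Hosts in the inventory that would receive the cookie.
function exposure(header, originHost, inventory) {
  const cookie = parseSetCookie(header, originHost);
  // Browsers reject a Domain attribute the setting host does not belong to.
  if (!domainMatch(originHost, cookie.domain)) return [];
  return inventory.filter((h) => isSentTo(cookie, h));
}

// Constructed inventory: the app host, a forgotten sibling sub-domain, an unrelated host.
const INVENTORY = ["chat.collab.example", "legacy-test.collab.example", "cdn.other.example"];
const WIDE = "authtoken=PLACEHOLDER; Domain=collab.example; Secure; HttpOnly";
const NARROW = "authtoken=PLACEHOLDER; Secure; HttpOnly";
console.log("parent-scoped:", exposure(WIDE, "chat.collab.example", INVENTORY));
console.log("host-only    :", exposure(NARROW, "chat.collab.example", INVENTORY));
```

Every host the parent-scoped cookie reaches has to stay under the owner's control, which is why stale or takeover-prone sub-domains belong in the same inventory review as the cookie attributes.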

Nitesh Kumar

Nitesh is a writer at TechRadar India. He has spent 12 years as a journalist, content writer and editor with newspapers and magazines. Nitesh went to Nagpur University.