Slack and Microsoft Teams have some rather worrying security flaws


Slack and Microsoft Teams, arguably the two biggest communications and online collaboration platforms around today, allow for the inclusion of hundreds of third-party apps, and that’s a security nightmare, experts have said.

Researchers at the University of Wisconsin-Madison argue that third-party apps rarely have their code reviewed by programmers at Slack and Microsoft. Even those that are reviewed undergo a relatively superficial analysis, in which the reviewers check whether the app works as intended and whether it encrypts data, and run an automated scan that looks for vulnerabilities.

The rest just sits on the app developers’ servers and freely integrates with Slack and Microsoft Teams.

Major risks

With these platforms becoming the de facto operating systems of corporate productivity, this is a major security risk, the researchers claim.

“Slack and Teams are becoming clearinghouses of all of an organization’s sensitive resources,” Earlence Fernandes, one of the study’s authors, and a professor of computer science at the University of California at San Diego, said. “And yet, the apps running on them, which provide a lot of collaboration functionality, can violate any expectation of security and privacy users would have in such a platform.”

For the time being, Microsoft is keeping silent on the matter, until it is able to speak to the researchers more thoroughly. 

Slack, on the other hand, said it has a collection of approved apps that can be found in the Slack App Directory, and “strongly recommends” that users install only these apps on their endpoints. These, the company added, receive security reviews before inclusion, and are monitored for suspicious behavior.

Furthermore, Slack suggests IT admins configure their workspaces to allow users to install apps only with admin permission. “We take privacy and security very seriously and we work to ensure that the Slack platform is a trusted environment to build and distribute apps, and that those apps are enterprise-grade from day one,” the company concluded.

Via: Wired

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
