Hack Microsoft Teams Account Just by Sending Gif Image

We had seen many security and vulnerability issues on Zoom video conferencing tool during this Coronavirus pandemic. At the same time software giant, Microsoft had also come up with its service called Microsoft Teams. After security issues on Zoom, many users shifted to Microsoft team.

Now researcher from CyberArk, an information security company reported account takeover vulnerability in Microsoft Teams. The successful exploitation of the bug leads hackers (attackers) to hijack an entire roaster of MS Teams accounts at an organization by sending malicious URLs or GIF images to Teams users. 

The vulnerability resides in the Microsoft Teams processes authentication access tokens and passes them to resources containing images. If an attacker manages to create a GIF file or URL, Teams will send the authentication token to the attacker’s server while processing it. 

To make the attack successful via sending a link, the victim should click on the link but in the case of GIF image, the attack can be successful if the user views the image in Teams chat. Once the image is viewed or URL clicked, the attacker receives the token. 

$ads={2}
Using this token, the attacker can hijack the victim’s Teams account by exploiting its API interfaces, and can access victim’s data on Teams, send messages, create and delete groups on the victim’s behalf, or modify a group’s permissions. 
Attackers can move further after receiving the tokens can perform many malicious activities. After hijacking the account attacker can access sensitive data, login credentials, business strategies/plans, and meeting schedules. Furthermore, it can also cause financial damage, data leakage, install malware, lure an employee to reset the password by impersonating as a team member.

Proof-of-Concept Video

The researcher had reported the issue to Microsoft via CVD (Coordinated Vulnerability Disclosure). With this Microsoft have already patched the bug and released the fix. Microsoft claims that the the vulnerability wasn’t yet exploited by hackers, and now that it has been fixed, there is no threat to the users of Microsoft Teams. 

*

Post a comment (0)
Previous Post Next Post