

The researchers found that the “access control model in these systems violates two fundamental security principles: least privilege and complete mediation.” These issues could, in theory, allow “a malicious app to exploit the confidentiality and integrity of user messages and third-party resources connected to the platform.”

“Compared to iOS or Android, I would say their security model is at least five to six years behind,” – Yunang Chen, University of Wisconsin.

The researchers were able to orchestrate three “proof-of-concept” attacks, the first being the ability to eavesdrop on messages sent by users without permission to do so. The researchers also managed to launch fake video calls, and automatically merge code into repositories without any user involvement or approval. This last vulnerability is perhaps the most concerning, as this would let any user install a third-party app for an entire workspace.

Poor Third-Party App Vetting From Both Platforms

With such security flaws surrounding third-party applications, you’d expect both Slack and Microsoft Teams to have stringent vetting processes for plug-ins, add-ons, and integrations. However, this couldn’t be farther from the truth.

Both platforms, for instance, allow integration with a given app's servers without a review from either company’s tech development teams. Reviews that do take place, the study finds, are cursory and inadequate. And, as aforementioned, a user doesn’t have to have a particularly privileged account to add this to the entire workspace.

The global reach of both these applications makes the new findings all the more concerning. This isn’t just any small-scale project management software app or CRM system – Microsoft Teams alone has 270 million users, a huge proportion of the business world and a massive attack surface. Whilst Slack’s userbase is smaller, it is used by some of the most prestigious and trusted companies in the world – nearly 80% of Fortune 100 companies use the platform. But it’s also the sheer volume of sensitive data held within them.
