Security researchers at Vectra have identified a major security flaw in the Microsoft Teams software. The flaw can allow a hacker to read login tokens in plain text and thus easily take control of the account.
With the Covid-19 pandemic, Microsoft Teams has become an ultra-popular communication solution used by many companies to hold discussions and meetings.
Because it is used mainly in a professional setting, it holds a great deal of sensitive information, and it can become a good gateway for a hacker, in particular to spread ransomware.
This is why the flaw discovered by the Vectra researchers is alarming: the login tokens would be available in the clear.
A flaw in Teams for PC, Mac and Linux computers
According to the report published by Vectra, the flaw affects the Microsoft Teams application for PC, Mac and Linux computers.
When we sign in to our account in the application, a login token is created, which essentially lets us close and reopen the application without having to re-enter our login information.
These login tokens, or access tokens, are supposed to be secured, since they contain sensitive information.
According to the report, however, this is not the case in the Microsoft Teams application: everything is in the clear, meaning the token information is fully visible.
For many users, the Microsoft Teams login information is the same as for their Microsoft account, which opens the door to several other applications for a hacker: Outlook and Skype in particular, in addition to all the information in the Microsoft account.
Connor Peoples from Vectra mentions:
“After analysis, it was determined that these access tokens were active and that this is not an incident related to a previous bug. These access tokens gave us access to the Outlook and Skype APIs. This attack does not require special permissions or advanced malware to result in major internal damage.”
We can thus imagine all the potential damage this could cause if a hacker got hold of an account of this kind.
How to protect against the breach on Microsoft Teams
The good news (if there is any) is that Microsoft has been made aware of the flaw and plans to roll out an update to the Teams app to fix it.
The other “good news” is that these login tokens can only be viewed if the hacker has access to the victim’s local network.
We must therefore, as always, be extremely vigilant about phishing attempts, since this is how we let the wolf into the fold.
Finally, while waiting for Microsoft’s update, Vectra recommends that Teams users swap the application for the web version, that is, use Teams through a web browser such as Edge, Chrome or Firefox, since browsers do not leave the login token information in the clear.