0

Slack and Microsoft Teams have some rather worrying security flaws

 2 months ago
source link: https://www.techradar.com/news/slack-and-microsoft-teams-have-some-rather-worrying-security-flaws
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Slack and Microsoft Teams have some rather worrying security flaws

published about 1 hour ago

Third-party apps can be integrated with few security checks

Slack

(Image credit: Slack)

Audio player loading…

Slack and Microsoft Teams, arguably the two biggest communications and online collaboration (opens in new tab) platforms around today, allow for the inclusion of hundreds of third-party apps, and that’s a security nightmare, experts have said.

Researchers at the University of Wisconsin-Madison argue that third-party apps rarely have their code reviewed by programmers at Slack and Microsoft. Even those that do, undergo a relatively superficial analysis, in which the reviewers analyze if the app works as intended, if it encrypts data, and run an automated scan that looks for vulnerabilities. 

The rest just sits on the apps’ developers’ servers and freely integrates with Slack and Microsoft Teams.

Major risks

With these platforms becoming the defacto operating systems of corporate productivity, this is a major security risk, researchers claim.

RECOMMENDED VIDEOS FOR YOU...Tech Radar Pro

“Slack and Teams are becoming clearinghouses of all of an organization’s sensitive resources,” Earlence Fernandes, one of the study’s authors, and a professor of computer science at the University of California at San Diego, said. “And yet, the apps running on them, which provide a lot of collaboration functionality, can violate any expectation of security and privacy users would have in such a platform.”

For the time being, Microsoft is keeping silent on the matter, until it is able to speak to the researchers more thoroughly. 

Slack, on the other hand, said it has a collection of approved apps that can be found in the Slack App Directory, and “strongly recommends” users install these apps, only, on their endpoints (opens in new tab). These, the company added, receive security reviews before inclusion, and are monitored for suspicious behavior. 

Furthermore, Slack suggests IT admins configure their workspaces to allow users to install apps only with admin permission. "We take privacy and security very seriously and we work to ensure that the Slack platform is a trusted environment to build and distribute apps, and that those apps are enterprise-grade from day one,” the company concluded.

Via: Wired (opens in new tab)

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.


About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK