Third-party apps could access and compromise companies’ confidential collaboration platforms.
As messaging platforms became mainstream, researchers found that they could pose serious risks to users. A study from the University of Wisconsin-Madison revealed flaws in the security models of these platforms. The flaws range from default settings that let any user install an app for an entire workplace to a lack of code review.
Working remotely became a challenge for companies at the onset of the pandemic. With the help of collaboration apps like Slack and Teams, however, communication between team members has been made easy. These tools act as a thread tying users together through chats and video conferencing.
Yet the third-party apps that Slack and Microsoft integrate into their software may access users’ personal information and confidential company data. The study’s examination of the platforms’ protective measures revealed that hundreds of apps’ permissions would potentially permit them to post messages as a user, hijack the functionality of other legitimate apps or even, in a few instances, access content in private channels without user permission. This is true even though Slack and Teams apps are at least restricted by the permissions they ask for upon installation.
Earlence Fernandes, one of the researchers on the study, said: “Slack and Teams are becoming clearinghouses of all of an organisation’s sensitive resources.” But both companies fail to properly vet other apps’ actual code before approving their integration.
The study calls on both Slack and Microsoft Teams to fill security gaps. Although Slack has given an organisation’s administrators the authority to approve apps and manage security settings, they still lack access to, and the ability to assess, the code that determines whether the software is credible or malicious.
Overhauling their software means carefully vetting the code of third-party integrations, continuously monitoring that code, and enforcing strict permissions. No host would want to have an uninvited guest at their intimate party.