Researchers warned about security flaws in Slack and Microsoft Teams.

Researchers warned about security flaws in Slack and Microsoft Teams

A new study performed by the researchers at the University of Wisconsin-Madison reveals some possible security flaws in widespread communication and online collaboration platforms Slack and Microsoft Teams. The 18-page analysis was performed by Yunang Chen, Yue Gao (equal contribution), Nick Ceccio, Rahul Chatterjee, Kassem Fawaz, and Earlence Fernandes and published at

According to the researchers, the security issues are caused by third-party apps. The issues vary from configuration ones that allow the installation of the app for an entire workspace to code, which is rarely reviewed by Slack and Microsoft engineers and can contain anything. In addition, those apps can be hosted on the server which belongs to the developer of the app. According to the study, the existing apps may potentially post messages from the user’s account, affect functions of other apps, and in rare cases, get access to the private channels without permission.

The article posted by WIRED says that they reached out to Slack and Microsoft to get their feedback about the researchers' findings. According to their information, Slack stated that there is a collection of approved apps in the Slack Apps Directory. They are undergoing security reviews and are screened for any suspicious activity. The administrators of the workspaces have to restrict installing apps without admins’ permissions, and users are strongly recommended to install only the approved apps. And Microsoft refused to post any comments until it could communicate with the researchers. However, according to the information posted by the scientists, they reached Microsoft with information about their findings before posting it.

Image credit: Photo by Austin Distel on Unsplash

Reading next

FARGO ransomware infects servers with MS SQL
Cloudflare announced a new alternative to CAPTCHA

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.