Microsoft Teams has recently patched a hole in their security that saw hackers use GIFs to attack users' computers and exploit their data. The hackers made use of seemingly innocuous GIFs to attract people and make them vulnerable to being hacked.
What happened and how did they do it?
CyberArk researchers have discovered a vulnerability that hackers can use to compromise devices and steal data just by viewing a GIF. Of course, it's already been fixed, and Microsoft was quick to address the issue CyberArk reported.
The flaw came from a compromised subdomain that was serving up those corrupted images. All a user had to do was to view the GIF. After that, an attack on his or her data connected to their accounts will be performed
If the GIF was left open even in the background, the flaw could have led to widespread data theft, ransomware, or, worse, corporate espionage. These attacks have seen substantial growth over the past month as businesses have been forced to let their employees work from home, providing them ample time online with unlimited access to anything on the internet.
Since then, Microsoft Teams, which uses workplace collaboration tools, has seen more incidents of hacking than usual.
Microsoft said, "They [users] will never know that he or she has been attacked - making this vulnerability... very dangerous,"
What this attack could mean for future hacking methods
CyberArk said that it notified Microsoft of the vulnerability in their systems on March 23, the day the lockdown began in the United Kingdom. Earlier this week, Microsoft released a patch to fix the issue. Still, there was no evidence that malicious hackers ever exploited it.
They also warned that there might be similar attacks that could replicate from this GIF attack on other platforms in the future.
A professor from the University of Surrey, Alan Woodward, said that the type of exploit had already been seen before when applicants fail to do the mandatory checks while bringing in content from external servers or "apparently harmless gifs."
It is a workable attack which "could spread very rapidly between all the users," he said. "It would be a very niche attack, probably reserved for high-value targets."
He added, "It is a really good demonstration of how data, however apparently innocuous, brought into a web-based app can be used to sneak snippets of code onto your machine and conduct functions you simply shouldn't be authorized to do."
"It also demonstrates very nicely so-called zero-click attacks - my merely displaying the gif in this attack could potentially work, no clicking in dodgy links or opening booby-trapped documents."
Woodward said that all software is bound to have security flaws eventually, saying "It's a salutary tale of why you need to keep your software updated."