Slack Bug Would Allow Attackers Full Access

Slack has patched a flaw reported by a third party that would have given attackers full access to user’s accounts.

Slack is a cross platform collaboration app which has gained a fair amount of popularity. The app has over one million downloads just in the Google Play Store, and has cumulative rating of 4.4 with over 41 thousand reviews.

Last week, Frans Rosén, a knowledge advisor at Detectify discovered a vulnerability in the app which he was able to exploit, allowing him to steal “your precious token”. This would allow malicious attackers the ability to take full control of a victim’s account.

Rosén quickly reported the issue to Slack. To Slack’s credit, the company awarded Rosén a $3,000 bounty, and quickly patched the vulnerability.

If you are a Slack user, be sure to update your apps to the latest available version to ensure that you are safe from this vulnerability. As I’ve stated before, it is safe to assume that nothing is un-hackable. Vulnerabilities can always be found. The true measure of a company is how they respond to these threats. In this case, Slack responded quickly and fixed the issue. I must admit that I’m impressed with the speed at which they fixed the vulnerability.

On a side note, our blogging crew here at UTB tried to use Slack for a period of time for the management of the site. The thought was that we could continue to use BBM as our social app, and utilize Slack strictly for a work group. Our time on the service was short lived. Even though the platform was feature rich, it simply did not offer us the ease of use which BBM does. In the end, we chose to continue to use BBM for all of our website management and social group.

You really can’t go wrong with BBM.

slack

Source

Brad

Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.

Top