Microsoft has launched a bounty program for its Teams communication platform. With people now more than ever working remotely due to Covid-19 restrictions, there’s an increased need for robust security protocols to protect business communication apps such as Teams. Of course, the proactive involvement of security researchers from around the world is imperative to achieving this objective.
The Microsoft Teams bounty program will see white hat hackers get between $6,000 and $30,000 to sweep for high-impact vulnerabilities. Security researchers who find security issues related to cross-site scripting (XSS) are eligible for a reward that starts at $6,000. Microsoft underlines that exploits of this nature should only be in the context of teams.live.com or teams.microsoft.com. There should also be minimal user interaction involved. On the other hand, security loopholes that allow XSS code to be executed arbitrarily with no user interaction stand to get a $10,000 minimum payoff.
Third on the list in the Teams bounty program is obtaining a user’s authentication credentials. To qualify for the reward, a bounty hunter should demonstrate the ability to steal a user’s authentication token without relying on a phishing attack. The reward starts at $15,000. Highest on the list is the identification of an exploit allowing remote code execution in the context of a current client, while requiring no user interaction. For this effort, the company is paying out a minimum $30,000 award.
That said, vulnerabilities identified outside the High Impact program can qualify for a $500 minimum remuneration, but this is at the sole discretion of the company.
To participate in the Microsoft Teams bounty program, candidates are required to undertake testing on their own Teams subscription accounts. Additionally, the bugs reported must also be replicable on the latest Microsoft Teams desktop client version installed on the latest patched versions of Linux, Windows, or macOS.
Finally, Microsoft prefers that the exploit instructions be clear and relayed via text or video. In a nutshell, the submitted guidelines should allow the company’s security team to promptly replicate the scenario and ascertain exploitability.
A Recent Hack
The Microsoft Teams bounty program comes at a time when the company is facing serious competition from fast-rising group communication and collaboration platforms such as Slack and Zoom. With the recent Microsoft Exchange attack stirring individual clients and businesses that rely on its software, the tech giant is looking to mollify users by fortifying app security.
The Teams application has seen tremendous growth over the past year adding over 90 million users. It is also a key revenue generator for the Redmond-based tech firm. In 2020, its revenues reached $6.8 billion, an impressive 700 percent increase compared to the previous year. Today, over 500,000 organizations worldwide use the application.