Microsoft is offering big money if you can hack Teams

bug bounty
(Image credit: N/A)

Microsoft’s Security Response Center (MSRC) has announced a new bounty program for any ethical hackers able to unearth vulnerabilities in Microsoft Teams.

Like all major software vendors, Microsoft operates a number of bug bounty programs that offer rewards to external developers for highlighting shortcomings in its apps. Th enew Microsoft Applications Bounty program is specifically designed to identify security gaffes in the apps such as the Team desktop client.

Microsoft Teams has rapidly grown over the past year to become one of the most important online collaboration platforms around as remote working grew in response to the Covid-19 pandemic.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> <a href="https://project.tolunastart.com/s/r9AXk4" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window<<

“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration,” says Lynn Miyashita, Program Manager, MSRC.

Bounties up to $30,000

Miyashita adds that the new bounty program is an extension of the existing efforts to ensure the security of the app. 

The program’s goal is to uncover significant technical vulnerabilities that Microsoft says should have a demonstrable and direct impact on the security of the users of the Teams desktop client. The program offers bounties ranging from $500 to $30,000. 

MSRC has identified five critical scenarios that do the maximum damage, and vulnerabilities affecting those start at $6000. Vulnerabilities outside the purview of these five scenarios pay between $500 and $15000.

While the Teams desktop client is currently the only application that’s listed under the new Applications Bounty program, Miyashita says that they’ll soon expand the scope of the program to include other apps as well. 

The news comes shortly after Microsoft  announced a host of new security features for Teams, including limited end-to-end encryption (E2EE) functionality. This additional protection will be available to paying users and will initially apply to one-on-one meetings only, although Microsoft has hinted that E2EE will be extended to other meeting types further down the line.  

Rival video conferencing service Zoom found itself in hot water at the start of pandemic, when it emerged that claims its meeting participants were protected by full end-to-end encryption were unfounded.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.