Abstract:
Collaboration platforms like Zoom and Microsoft Teams have become essential for many businesses and organizations and have experienced a surge in popularity since the onset of the COVID-19 pandemic. These platforms facilitate teamwork and communication through their video conferencing and chat capabilities. The integration of third-party extensions, known as apps, has become an important aspect of the platforms. While this allows users to extend the platform’s functionality and enables them to use third-party services directly within the platform, it also introduces potential security risks. In this thesis, we analyze the security of Zoom Team Chat’s app ecosystem. We adapted the analysis of the app model of Slack and Microsoft Teams by Chen et al. [3], applied it to Zoom Team Chat, and evaluated the platform’s mitigations against these attacks. We created several proofs of concept and proposed different countermeasures, finding that design choices in Team Chat mitigate or prevent most of the attacks. Finally, we analyzed the implications of app removal and compiled statistics on the apps in the Zoom Marketplace.