Microsoft Teams and Zoom can be hijacked to give hackers the keys to your kingdom

• Experts say Microsoft Teams and Zoom are perfect for hiding Ghost Calls
• Attackers can obtain temporary TURN credentials and create a tunnel
• Vendors must implement safeguards, because there are no vulnerabilities in sight

Researchers from Praetorian have shed the light on Ghost Calls, a post-exploitation command-and-control evasion technique which send attacker traffic through legitimate Traversal Using Relays around NAT (TURN) servers used by the likes of Zoom and Microsoft Teams, to evade detection.

The attack works by hijacking the temporary TURN credentials that conferencing calls receive when they join a meeting, and then establishing a tunnel between the compromised host and the attacker's machine.

Because all the traffic is routed through trusted Zoom/Teams IPs and domains, which are typically whitelisted inside enterprises, these types of hijacking attacks can fly under the radar.