Security risk with Microsoft app causes DoIT to block mobile access

Login information stored in the cloud service

· Feb 10, 2015 Tweet

Courtesy of Microsoft

The University of Wisconsin shut off access to the Office 365 mobile app for campus users Monday following security concerns.

The app uses a login method that sends user IDs and passwords to a third party cloud service, Brian Rust, spokesperson for Division of Information Technology, said. Rust said UW does not have an arrangement with the third party to control what they do with the login information and it is accessible by any Office 365 email administrator.

“To us that is a very insecure process,” Rust said. “We want any IDs and passwords to be encrypted when they’re sent and received by any of our service providers, whether it’s a service that we host or a service that is provided by a third party that we have an arrangement with.”

Rust said UW has contacted Microsoft about updating the security. DoIt also issued a security alert Saturday for 190 campus users of the Microsoft Outlook mobile app.

According to a statement from UW, administrators will block access to the app until a complete IT security review can be completed or Microsoft corrects the issue.

The app was developed by Microsoft for people to access their Office 365 account from a mobile device, Rust said. While the access is denied, campus users can still access their accounts from a laptop or through their mobile device, just not through the app.

“We’re hoping that they’ll fix it, certainly, because there are about 190 people who downloaded the app and were using it,” Rust said.

Several UW System universities realized the security risk at about the same time last week and took the same action to resolve the problem. UW notified those attempting to log into the app of the security risk.


This article was published Feb 10, 2015 at 5:24 pm and last updated Feb 10, 2015 at 5:24 pm


UW-Madison's Premier Independent Student Newspaper

All Content © The Badger Herald, 1995 - 2024