New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.