Microsoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft certified and approved Session Border Controller.
During the security analysis of this federation, Moritz Abrell identified vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud. This talk is a summary of this analysis, the identified security issues and the practical exploitation, as well as the responsible disclosure.
To further illustrate the significance and risks of such attacks, the results of a VoIP threat analysis collected via a developed SIP honeypot will be presented.
This presentation will be held by Moritz Abrell. Moritz is an experienced expert in Voice-over-IP and network technologies with a focus on information security. He works as a senior IT security consultant and penetration tester for the Germany-based pentest company SySS GmbH, where he deals daily with the practical exploitation of vulnerabilities and advises customers on how to fix them.
In addition, he regularly publishes his security research in blog posts or presents it at IT security conferences.
Don't miss this talk if you want to secure your "Direct Routing" installation.