SOS consultant presents at Ruxcon 2015

VoIP Wars: Destroying Jar Jar Lync

Enterprises use Microsoft Lync 2010/2013 (Lync 2013 has since been rebranded as Skype for Business 2015) for call centres, internal communication, cloud communication and video conferencing. The platform is built on VoIP and instant messaging protocols and supports multiple client types, including Microsoft Office 365, Microsoft Lync and Skype for Business clients, IP phones and teleconferencing devices. Official clients are also available for mobile devices (Windows Phone, Android and iOS), desktops (Windows and Mac) and the browser, as web applications developed on the .NET framework.

Although the Microsoft Lync platform was built on newer technologies, it still suffers from many of the old VoIP, teleconferencing and platform issues. Modern VoIP attacks can be turned against Microsoft Lync environments to gain unauthorised access to the infrastructure. Exposed Lync front-end and edge servers, insecure federation design, lack of encryption, insufficient defences against VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. Enterprise users and employees are the next generation of targets for the same attackers: broken communication channels, invalid protocol options and malicious messaging content can be used against client soft phones and handsets to compromise sensitive business assets. These attacks may lead to privacy violations, legal exposure, call/toll fraud and intelligence gathering.

Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented, together with newly published vulnerabilities and new Microsoft Lync testing modules for the Viproy VoIP penetration testing kit developed by the speaker, Fatih Ozavci. The talk will be accompanied by live demonstrations against a test environment.

  • A brief introduction to the Microsoft Lync ecosystem
  • Security requirements, design vulnerabilities and priorities
  • Modern threats against commercial Microsoft Lync services
  • Demonstration of new attack vectors against a target test platform
  • Options for securing the Microsoft Lync platform