The analyst firm Info-Tech Research Group has recommended that enterprises ban the use of Skype on their networks, citing security problems with the VoIP software.
Info-Tech analyst Ross Armstrong claims that "even a mediocre hacker could take advantage of a Skype vulnerability."
The firm cites these vulnerabilities and issues with Skype:
- It claims that Skype's encryption is closed source and vulnerable to "man-in-the-middle attacks," and says it is unclear how well the encryption keys are managed.
- It claims that because Skype is not standards-compliant, it will allow attacks through corporate firewalls.
- It claims that Skype is "undetectable, untraceable, and unauditable," and so puts enterprises at risk with regard to compliance laws.
- It claims that the issue of whether VoIP calls "constitute a business record is a legal quagmire," and that "throwing Skype into the communications mix further clouds the issue."
"Approximately 17 million registered Skype users are using the service for business purposes," Armstrong said in a statement. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that's 17 million opportunities for a hacker to invade a corporate network."