Analyst Firm: Enterprises Should Ban Skype Due To Security Risks

Claiming the VoIP software introduces numerous vulnerabilities, Info-Tech warns "even a mediocre hacker could take advantage of a Skype vulnerability."

November 11, 2005

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

The analyst firm Info-Tech Research Group has recommended that enterprises ban the use of Skype on their networks, citing security problems with the VoIP software.

Info-Tech analyst Ross Armstrong claims that "even a mediocre hacker could take advantage of a Skype vulnerability."

The firm cites these vulnerabilities and issues with Skype:

  • It claims that Skype's encryption is closed source and vulnerable to "man-in-the-middle attacks," and says it is unclear how well the encryption keys are managed.

  • It claims that because Skype is not standards-compliant, it will allow attacks through corporate firewalls.

  • It claims that Skype is "undetectable, untraceable, and unauditable," and so puts enterprises at risk with regard to compliance laws.

  • It claims that the issue of whether VoIP calls "constitute a business record is a legal quagmire," and that "throwing Skype into the communications mix further clouds the issue."

“Approximately 17 million registered Skype users are using the service for business purposes,” Armstrong said in a statement. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that’s 17 million opportunities for a hacker to invade a corporate network.”

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights