The analyst firm Info-Tech Research Group has recommended that enterprises ban the use of Skype on their networks, citing security problems with the VoIP software.
Info-Tech analyst Ross Armstrong claims that "even a mediocre hacker could take advantage of a Skype vulnerability."
The firm cites these vulnerabilities and issues with Skype:
It claims that Skype's encryption is closed source and vulnerable to "man-in-the-middle attacks," and says it is unclear how well the encryption keys are managed.
It claims that because Skype is not standards-compliant, it will allow attacks through corporate firewalls.
It claims that Skype is "undetectable, untraceable, and unauditable," and so puts enterprises at risk with regard to compliance laws.
It claims that the issue of whether VoIP calls "constitute a business record is a legal quagmire," and that "throwing Skype into the communications mix further clouds the issue."
"Approximately 17 million registered Skype users are using the service for business purposes," Armstrong said in a statement. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that's 17 million opportunities for a hacker to invade a corporate network."