Privacy International, a nonprofit privacy watchdog, this week pressured voice over internet protocol (VoIP) provider Skype to address concerns over the security of its services.
In a statement, Privacy International said it has reviewed Skype's technology and identified a number of security deficiencies that place users at risk. Specifically, Skype's interface uses full names on its contact list instead of usernames, making it easy to impersonate others, the group said.
Also, Skype does not protect downloads from its website with HTTPS, an encryption protocol that prevents the unauthorized hijacking of private sessions, according to Privacy International. Skype's failure to provide HTTPS for downloads from skype.com could allow an attacker to trick users into downloading trojan-infected versions of Skype.
“If the company cannot address and resolve these issues for those who are seeking secure communications, then vulnerable users will continue to be exposed to avoidable risks,” Privacy International said. “Currently, adversaries can find ways to defeat Skype's security.”
A spokesman for Skype told SCMagazineUS.com on Thursday that the company will examine the issues Privacy International has raised and contact the group.
"Privacy International has not been in touch with us so it will take us some time to read and digest the report before we are in a position to respond,” according to a statement. “Skype takes these issues seriously and aims to provide users with the best possible levels of privacy and security."
Privacy International also expressed concerns over the variable bit rate (VBR) codec used by Skype to compress audio into data for easy transmission. Research has shown that despite the use of encryption, the VBR codec allows information from VoIP calls to be leaked, the group said.Skype, founded in 2003, is used by 23 million individuals worldwide during peak times, according to the company's website. During the first half of 2010, Skype users made 95 billion minutes of voice and video calls.
Enterprise adoption of Skype has grown in recent years due to its promise of cost savings and improved communications. Industry experts have for some time warned, though, that Skype may pose a danger to IT security and recommended that enterprises properly gauge the risks before deploying it.
