A nonprofit privacy watchdog is pressuring Skype to respond to its concerns over the security of its voice-over-IP services.
Privacy International said it reviewed Skype's technology and identified security deficiencies that place users at risk. Specifically, Skype's interface uses full names on its contact list instead of usernames, making it easy to impersonate others, the group said.
Also, Skype does not protect downloads from its website with HTTPS, an encryption protocol that prevents the unauthorized hijacking of private sessions, according to Privacy International. Skype's failure to provide HTTPS for downloads from skype.com could allow an attacker to trick users into downloading trojan-infected versions of Skype.
“If the company cannot address and resolve these issues for those who are seeking secure communications, then vulnerable users will continue to be exposed to avoidable risks,” Privacy International said.
“Currently, adversaries can find ways to defeat Skype's security.”
Skype said it will examine the issues Privacy International has raised and contact the group.
"Privacy International has not been in touch with us so it will take us some time to read and digest the report before we are in a position to respond,” Skype said.
“Skype takes these issues seriously and aims to provide users with the best possible levels of privacy and security."
Privacy International also expressed concerns over the variable bit rate codec used by Skype to compress audio into data for easy transmission. Research has shown that despite the use of encryption, the VBR codec allows information from VoIP calls to be leaked, the group said.
Skype, founded in 2003, is used by 23 million people worldwide during peak times, according to the company's website. During the first half of last year, Skype users made 95 billion minutes of voice and video calls.
Enterprise adoption of Skype has grown in recent years due to its promise of cost savings and improved communications. Industry experts have for some time warned, though, that Skype may pose a danger to IT security and recommended that enterprises properly gauge the risks before deploying it.