It was certain to happen sometime. Voice over IP leader Skype’s admission of critical flaws in its software has provoked a minor storm over the security of VoIP in general; users who want to save money through deploying VoIP services could find themselves blowing their savings on measures to secure them.
Most notable among the flaws are two, if exploited in Windows version 1.1 to 1.4 of Skype, which could allow attackers to take over a user's system, by tricking users to click on a specially crafted URL, or by requiring the user to import a malicious vCard.
Although the flaws have been dubbed “highly critical”, the good news is that there is no known malicious software that takes advantage of the bugs, nor has there been any widespread attack to date.
There are around 61 million registered Skype users and, ironically, eBay’s recent acquisition of the company probably makes an attack more likely.
While Skype was small, independent firm producing free VoIP software that beat the established telcos at their own game, it was free from trouble. Now, the company is a true enterprise comms suppler and eBay’s recent decision to pay paid £1.5bn for Skype probably increases the prospect of the acquisition being viewed by the hacking community as “fair game”.