Gartner is advising business users to steer clear of IP-based voice services based on proprietary protocols.
The analyst group believes that unlike standard protocols, such as the Session Initiation Protocol (SIP), which have well-known vulnerabilities, a proprietary protocol carries hidden vulnerabilities.
For example, just like other P2P technologies such as Kaaza—of which incidentally Skype’s CEO Niklas Zennström was a co-founder— Skype is “port agile". If a firewall port is blocked Skype will look around for other open ports it can use to establish a connection. The risk is that it could provide a backdoor entry into otherwise secure networks for Trojans, worms and viruses, as well as offering a channel for corporate data to be shared freely between users without any of the usual security considerations.
In its VoIPSec report, the BSI warned that although no spectacular attacks in the business world have been reported yet, it is only a matter of time before problems emerge.
Get ready for that plague of VoIP security alerts – a security company near you is just waiting to publish its latest vulnerability report.