Skype, Surveillance, and Hackers: Is VoIP Secure?
Privacy and security are always concerns when parties use technology – whether analog or digital – to communicate with one another. For persons exchanging confidential material, interception by a third party can compromise sensitive information. For persons who have nothing to hide, interception compromises the principle of privacy in general.
Wiretapping has been around since before the Internet, but the potential to collect and store information has increased exponentially since the adoption of digital communication. Mass-surveillance is now not only a possibility, but a practice in some places. Furthermore, since wireless connections do not require a physical breach to access, hackers can intercept digital information from computers thousand of miles away.
Some users are reluctant to use voice-over-Internet-protocol (VoIP) communication because they fear it is less secure than analog communication. In this article we examine the facts to give you a straight answer to the question: is VoIP secure?
Answer #1: Not Necessarily
Microsoft’s popular message, voice, and video chat application, Skype, is the prime example of a VoIP service that is not secure. Although Skype encrypts user data, Microsoft holds the key to that encryption. So the company can access user data (including past and present communications) in the case of, for example, a government request.
Users have also identified several weaknesses in the Skype code that let hackers track a user’s IP addresses [1] and remotely take over an account (remedied) [2]. Unlike other VoIP providers, Skype does not make its code available to independent auditors [3]. This means no impartial evaluation exists of either the code’s security weaknesses or its strengths.
Answer #2: But It Can Be
Not all VoIP services are Skype. There are a slew of personal VoIP services that offer end-to-end encryption including Tox.im, Bleep by BitTorrent, and Silent Circle. When data is encrypted end-to-end, there is no key that can unlock it in transit. This means the only vulnerable points in transmission are the send-point and the receive-point, and these are difficult for third parties to access.
Because corporate secrets are serious business, enterprises require a communication pathway with a high level of security. Luckily, VoIP services designed for businesses are almost exclusively private and secure. This is because enterprise VoIP lines are integrated into a business’s private branch exchange (PBX), virtual personal network (VPN), or wireless local area network (WLAN). PBXs, VPNs, and WLANs are securely protected with both encryption and firewalls.
