A software developer who designed a way to tap and record calls made on Skype and other VoIP networks has made the source code of the spying program public, a move he said will allow other programmers to build workarounds to the potential threat. The programmer, Ruben Unteregger, was tasked by his former company ERA IT Solutions to write a Trojan horse program that could tap VoIP calls for the Swiss government.

Apparently, the program bypassed Skype’s heralded encryption process, one that has vexed security officials in Europe multiple times.

In a translated interview, Untregger discussed his rationale for releasing the code.

“The code will be published, it will get analyzed as soon as the binaries got uploaded, signature patterns will be created by anti-virus companies, the malware will be detected, blocked and deleted, if it tries to infect a system,” Untregger said.

Untregger’s motives appear to be genuinely in the interest of private citizens and enterprises that use VoIP services like Skype, as the publicizing of the code makes its use by security agencies redundant, according to a Computer World report. However, making this code available could have negative repercussions if hackers can use it to build even more powerful tapping programs. Other instances of Skype hacking, such as China’s purported monitoring of dissident communication via VoIP programs, gives one pause when considering the public availability of such information.

Recent reports have surfaced that have revealed weaknesses in the ever-popular Google Voice and Skype protocols.  These weaknesses have allowed attackers to eavesdrop on third party calls and make unauthorized calls using another person’s account.

Such a vulnerability in a service as popular as this is highly concerning, but the attacks have been proven to work according to many different sources, and also the Slashdot website.  It would seem that we are now looking at two protocols, which remained secure for a long time, which now have a major vulnerability that calls into question the whole security of the architecture.

Any organization that is reliant on Google voice or Skype should now be asking themselves the question: “is it really safe for my company”? Even though according to both companies, the vulnerabilities have been fixes the truth is once a major weakness is exposed it can be very hard to trust it again.

Certainly, the fact that these technologies have been breached must be a concern for both organizations and individuals that are dependent on secure calls.  However, what alternatives are available and how do people utilize them?

One can avoid the dangers of integrating non secure solutions from Skype, Google Voice, or other non secure VOIP systems into organizations infrastructure and instead utilize technologies, which are tested, and proven more secure.