Skype Finally Gets End-to-End Encryption

The latest insider build of Skype allows users to engage in conversations that have end-to-end encryption. This means the application’s servers has no visibility into the encrypted traffic.

The Microsoft-owned app was the latest holdout among the popular messaging clients when it came to truly private communications. WhatsApp, Viber, Facebook Messenger, Google Allo, Telegram, Signal, iMessage, FaceTime and other chat apps have already provided end-to-end encryption for a while, either by default or as an optional feature.

Traditionally, instant messaging programs relay messages between users through central servers. And although the connections between individual users and those servers had encryption, it was possible to intercept communications on the server side as they were passing through.

After Edward Snowden revealed the mass internet surveillance efforts of the U.S. National Security Agency and its intelligence partners, an increasing number of messaging apps moved to end-to-end encryption, in which central servers are used only as lookup directories to put users in touch with each other. However, the keys to encrypt the chat sessions are negotiated by the client devices directly and never go through the servers.

The latest Skype Insider Preview adds a new optional feature called Private Conversations that provides end-to-end encryption for chats based on the Signal protocol, a peer-reviewed and formally verified secure messaging protocol that was developed by Open Whisper Systems and is used in its Signal app, as well as in Facebook Messenger, WhatsApp and Google Allo.

The new Private Conversations in Skype works for text messages, audio calls and sharing images, audio and video files. However, it does not yet work for video calls or group chats. Another limitation is that users can only participate in a private conversation from a single device at a time.

“You can switch the conversation to any of your devices, but the messages you send and receive will be tied to the device you’re using at the time,” said Ellen Kilbourne, a Microsoft support engineer, in a blog post.

Of course, you can only test the new feature with someone else who is also using the insider preview version. Or you can wait until it lands in the stable release. It’s not clear yet whether the feature will be added to Skype for Business.

Spectre and Meltdown Patch Update

Microsoft has resumed delivery of Meltdown and Spectre patches to some AMD-based devices after halting the updates because they left many systems in an unbootable state.

The patches are still being withheld for a “a small subset of older AMD processors,” Microsoft said in a support article without actually naming the CPUs causing trouble. The company said it’s working with AMD to resolve the issue and expects to deliver patches to those systems as well by next week.

It’s worth noting that AMD said its CPUs are not affected by the Meltdown flaw and that there’s a “a near zero risk of exploitation” on its processors for one of the two variants of Spectre due to architecture differences. That leaves only one Spectre variant in play on the company’s platforms and that flaw can be patched through software and OS updates.

Meanwhile, Nvidia and IBM have also started releasing patches for the CPU flaws.

IBM has released firmware patches for its POWER7+ and POWER8 platforms and expects to make POWER9 patches available Jan. 15. Updates for its AIX and IBM i operating systems will be released Feb. 12, while Linux patches for IBM-based systems are already available from Red Hat, SUSE and Canonical.

Nvidia said that its GPUs are not affected by the vulnerabilities, but its driver software might be impacted when running on vulnerable CPUs. As a result, the company has released updates for GeForce, Quadro and NVS Driver Software; Tesla Driver Software and GRID Driver Software.

Sponsored Content
Upcoming Webinar
Seven Deadly Saves To Security With Integrations

Seven Deadly Saves To Security With Integrations

As software increasingly plays a critical role in how leaders run businesses, we are seeing that organizations want more software produced faster while at the same time protecting themselves against cyber attackers who are finding software a more attractive target to explore. For security professionals, this expanded and more complex ... Read More
March 1, 2018

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 101 posts and counting.See all posts by lucian-constantin

One thought on “Skype Finally Gets End-to-End Encryption

  • January 14, 2018 at 1:19 pm
    Permalink

    End-to-end encryption in a messaging app owned by Microsoft owned by NSA?
    Ho ho.
    Get real.
    Get Signal, Telegram, ….

Comments are closed.