Findings & Conclusions
CryptTalk is a voice over IP (VoIP) solution for iOS that provides encrypted voice communication and instant messaging delivered over the Internet. Voice calls are encrypted end-to-end using AES-256 symmetric encryption, with an ECDH key exchange.
The application was found to be secured to a very good standard and no practically exploitable vulnerabilities were found. Clear evidence was present of proactive security measures, and the product’s design was very well thought-out.
Overall, the CryptTalk solution was deemed to have been designed and implemented with a commendable degree of security. The underpinning cryptographic protocol had been well conceived, and no serious faults were found within its implementation.