Summary Findings of the

CryptTalk Mobile App Uplift Security Assessment by

NCC Group PLC - Security Testing Audit and Compliance

February 2017

Findings & Conclusions

CryptTalk is a voice over IP (VoIP) solution for iOS that provides encrypted voice communication and instant messaging delivered over the Internet. Voice calls are encrypted end-to-end using AES-256 symmetric encryption, with an ECDH key exchange.

The application was found to be secured to a very good standard and no practically exploitable vulnerabilities were found. Clear evidence was present of proactive security measures, and the product’s design was very well thought-out.

Overall, the CryptTalk solution was deemed to have been designed and implemented with a commendable degree of security. The underpinning cryptographic protocol had been well conceived, and no serious faults were found within its implementation.

Summary of Findings

The following table summarizes the issues identified:

Description Critical High Medium Low Total
Mobile Application Assessment 0 0 0 1* 1*
Total 0 0 0 1* 1*

* The application supports optional TouchID authentication.

The NCC Group’s full report is available upon request.

NCC Group PLC - Security Testing Audit and Compliance
Manchester Technology Centre
Oxford Road
Manchester M1 7EF