Findings & Conclusions
CryptTalk is a voice over IP (VoIP) solution for iOS that provides encrypted voice communication and instant messaging delivered over the Internet. Voice calls are encrypted end-to-end using AES-256 symmetric encryption, with an ECDH key exchange.
The application was found to be secured to a very good standard and no practically exploitable vulnerabilities were found. Clear evidence was present of proactive security measures, and the product’s design is very well thought-out.
Overall, the CryptTalk solution was deemed to have been designed and implemented with a commendable degree of security. The underpinning cryptographic protocol had been well conceived, and no faults were found within its implementation.
It was confirmed that an attacker with no knowledge of the user’s PIN would not be able to gain access to any sensitive information, either by intercepting traffic or analyzing data held on the device’s storage. All such data is suitably encrypted, and extraction of sensitive data from a lost or stolen device (such as messages and contacts) would be entirely dependent on knowledge of the user’s PIN (or at least seizing an unlocked device while the app is active and logged in).
It was seen that the client application made no apparent attempt to prevent execution on a jailbroken handset, despite the presence of some jailbreak-detection logic identified within the application binary. This is believed to be a result of adherence to Apple’s App Store Guidelines. NOTE: This is in fact the reason why jailbreak detection is currently not activated in the Apple App Store-distributed versions. Jailbreak detection is active in the directly distributed PRO versions.
The TURN server was noted to be running a slightly outdated software version. The possibility exists for this server to be abused by malicious Internet actors in order to anonymously relay malicious traffic, but the effort required in order to do so is considered to be prohibitive, and Arenim have clearly gone to great lengths to limit this inherent and universal weakness in the TURN protocol. Finally, it is noted that even if this component were compromised, security of end-users’ communications would not be at risk, due to the end-to-end encryption in use. NOTE: The TURN server’s software has been updated subsequent to the issuance of the NCC Security Assessment, thereby eliminating even the theoretical risk cited above.