Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Today, TrustCall only works with Android devices and BlackBerries. When one makes a secured call, the phone contacts the TrustCall Server. This relays the call to the TrustCall phone the user is dialing. If one attempts to call an unsecured phone using a secured connection, the attempt will timeout and an SMS message will appear on the dialed phone. No connection, however, will be made. If one wishes to dial an unsecured phone, TrustCall allows that option. Using the phone is simplicity itself once the software is installed. One can manage multiple users centrally using the TrustCenter Server web interface.
Every secured phone contains a TrustChip - a microSD card - that contains everything the phone needs to communicate with the TrustCall Server and, thus, with other trusted phones. The chip contains the TrustCall software - that users install on their phone - and other information that the phone needs, such as TrustGroups the phone belongs to, as well as a universal TrustGroup that allows peer-to-peer communication between any TrustCall-enabled phones. The system administrator can disable the universal group if desired. There are a lot of configuration options and the possibilities for managing secure voice communications are significant.
We tested the TrustCall encryption on a pair of Samsung Galaxy SII Android phones and a third Galaxy without TrustCall. The phones were delivered with the software preinstalled, but the directions in the manual are clear and easy to follow. There are two excellent guides, one for administrators and one for users.
Our first test involved attempting to call a non-TrustCall phone with one of the TrustCall Galaxies in its secure mode. The call never connected and when we checked the receiving phone we found an SMS message that looks like a log entry. It gives virtually no information useful to a potential intruder. Deciding to make a TrustCall connection likewise is simple. When one makes a call, they are presented with two large colorful buttons. If the red TrustCall button is selected the phone will connect with the relay server, authenticate, the server calls the receiving phone and authenticates it and, if all authentication succeeds, the call will complete.
Overall, we found this to be a strong implementation of mobile phone encryption. Military-grade voice encryption has been around for a long time, but this is the best implementation of commercial-grade voice encryption we have seen to date. TrustCall is FIPS 140-2 compliant and uses AES256 encryption. There is no perceptible distortion of the audio, the signal is as clear and strong as it would be without TrustCall, and latencies are negligible once the connection is made and the call is established.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.