This one is a point solution to a point problem: voice call security from mobile phones. In addition, however, it has optional modules that secure text and email. We will focus on the voice capabilities for this review. The KoolSpan system includes the TrustCall software for the mobile phone, the TrustChip, also for the phone, and the TrustRelay Server (not covered in this review).
Today, TrustCall only works with Android devices and BlackBerries. When one makes a secured call, the phone contacts the TrustCall Server. This relays the call to the TrustCall phone the user is dialing. If one attempts to call an unsecured phone using a secured connection, the attempt will timeout and an SMS message will appear on the dialed phone. No connection, however, will be made. If one wishes to dial an unsecured phone, TrustCall allows that option. Using the phone is simplicity itself once the software is installed. One can manage multiple users centrally using the TrustCenter Server web interface.
Every secured phone contains a TrustChip - a microSD card - that contains everything the phone needs to communicate with the TrustCall Server and, thus, with other trusted phones. The chip contains the TrustCall software - that users install on their phone - and other information that the phone needs, such as TrustGroups the phone belongs to, as well as a universal TrustGroup that allows peer-to-peer communication between any TrustCall-enabled phones. The system administrator can disable the universal group if desired. There are a lot of configuration options and the possibilities for managing secure voice communications are significant.
We tested the TrustCall encryption on a pair of Samsung Galaxy SII Android phones and a third Galaxy without TrustCall. The phones were delivered with the software preinstalled, but the directions in the manual are clear and easy to follow. There are two excellent guides, one for administrators and one for users.
Our first test involved attempting to call a non-TrustCall phone with one of the TrustCall Galaxies in its secure mode. The call never connected and when we checked the receiving phone we found an SMS message that looks like a log entry. It gives virtually no information useful to a potential intruder. Deciding to make a TrustCall connection likewise is simple. When one makes a call, they are presented with two large colorful buttons. If the red TrustCall button is selected the phone will connect with the relay server, authenticate, the server calls the receiving phone and authenticates it and, if all authentication succeeds, the call will complete.
Overall, we found this to be a strong implementation of mobile phone encryption. Military-grade voice encryption has been around for a long time, but this is the best implementation of commercial-grade voice encryption we have seen to date. TrustCall is FIPS 140-2 compliant and uses AES256 encryption. There is no perceptible distortion of the audio, the signal is as clear and strong as it would be without TrustCall, and latencies are negligible once the connection is made and the call is established.