The Security Audit of Cryptocat
A few months ago, iSEC Partners performed a security audit of the Cryptocat chat application on iOS. This audit was commissioned by the (awesome) Open Technology Fund and I was the lead tester on this project.
The final report we delivered was publicly released a week ago by the Cryptocat project. The document is available on Hacker News, and the Cryptocat project has also written a blog post about some of the issues we found and what they did to address them.
The iOS application was the main focus of our testing but we also found some interesting issues affecting the desktop clients. If you’re interested in Cryptocat and/or penetration testing in general, you should definitely have a look at the report.