The encryption system that protects the almost 900 million users of GSM cell phones from instant eavesdropping or fraud is no longer impregnable, cryptologists claim.
Researchers at the Technion-Israel Institute of Technology in Haifa say they have found a way to defeat the security system, exploiting a flaw in the way the encryption is applied.
With GSM, the voice is encoded digitally. But, before this data is encrypted, it is corrected to help compensate for any interference or noise, says Eli Biham, who led the Technion team. This gives an opportunity for a "man in the middle" attack, in which the call is intercepted between the handset and the network base station.
"At first, I didn't believe it. But we checked our finding again and again, and it was true," Biham told New Scientist. He says the delegates at the Crypto 2003 conference in Santa Barbara, where the work was presented, were "shocked, astounded, interested and congratulatory".