(New Scientist) The encryption system that protects the almost 900 million users of GSM cell phones from instant eavesdropping or fraud is no longer impregnable, cryptologists claim.

Researchers at the Technion-Israel Institute of Technology in Haifa say they have found a way to defeat the security system, exploiting a flaw in the way the encryption is applied.

With GSM, the voice is encoded digitally. But, before this data is encrypted, error-correction coding is added to it to help compensate for any interference or noise, says Eli Biham, who led the Technion team. This gives an opportunity for a “man in the middle” attack, in which the call is intercepted between the handset and the network base station.
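The ordering problem Biham describes can be shown with a toy model, added here as an illustration and not taken from the article or the Technion paper: the code below uses a simple even-parity code (an assumption standing in for GSM's real convolutional coding; A5/2 itself is not implemented) to show that coding before a stream cipher lets an eavesdropper compute message-independent parity checks on the keystream from ciphertext alone, while coding after encryption reveals nothing.

```python
# Toy demonstration: error-correction coding before vs after a stream cipher.
# The even-parity code and 7-bit block size are constructed for illustration.
BLOCK = 7  # data bits per coded block (constructed value)


def encode_parity(bits):
    """Append an even-parity bit to every BLOCK-bit group (toy linear code)."""
    out = []
    for i in range(0, len(bits), BLOCK):
        group = bits[i:i + BLOCK]
        out += group + [sum(group) % 2]
    return out


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def block_parities(bits, width):
    """Parity of each consecutive `width`-bit block."""
    return [sum(bits[i:i + width]) % 2 for i in range(0, len(bits), width)]


def code_then_encrypt(msg, keystream):
    """GSM-style order: error-correction coding first, then XOR with keystream."""
    coded = encode_parity(msg)
    return xor_bits(coded, keystream[:len(coded)])


def encrypt_then_code(msg, keystream):
    """Alternative order: XOR with keystream first, then add the coding."""
    return encode_parity(xor_bits(msg, keystream[:len(msg)]))


def keystream_parities_leaked(ciphertext):
    """Checks an eavesdropper can compute from ciphertext alone.

    Every coded block has even parity, so with code-then-encrypt the parity of
    a ciphertext block equals the parity of the keystream bits that encrypted
    it, whatever the message was: one linear equation on the keystream per
    block, with no known plaintext needed. With encrypt-then-code every block
    parity is 0 and nothing about the keystream is learned.
    """
    return block_parities(ciphertext, BLOCK + 1)


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0]          # constructed
    ks = [0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1]     # constructed
    print(keystream_parities_leaked(code_then_encrypt(msg, ks)))   # [1, 0]
    print(block_parities(ks, BLOCK + 1))                           # [1, 0]
    print(keystream_parities_leaked(encrypt_then_code(msg, ks)))   # [0, 0]
```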

“At first, I didn’t believe it. But we checked our finding again and again, and it was true,” Biham told New Scientist. He says the delegates at the Crypto 2003 conference in Santa Barbara, where the work was presented, were “shocked, astounded, interested and congratulatory”.

The GSM Association, which represents the global industry, acknowledges that the research “goes further than previous academic papers” and “appears to be feasible”. But spokesperson Ian Volans says: “It is only theoretical, rather than an imminent threat to the security of people’s calls.” To actually crack the GSM encryption “would take several hundreds of thousands of pounds and lots of skill to reprogram the equipment needed”, Volans told New Scientist.

Listening in

The GSM encryption ciphers were kept secret until 1999, when Marc Briceno of the University of California at Berkeley managed to reconstruct the algorithms used.

Biham says there have been many attempts since then to crack them, but all required first listening to the call during its initial minutes and were impractical. In contrast, he says, the new approach could defeat the encryption while the phone is ringing, before it is answered.

The Technion team’s attack is on the A5/2 version of the GSM encryption algorithm, introduced in 1996. An upgrade was introduced in 2003, but Biham claims the attack can overcome that as well. “We can interfere with any of the 850 million GSM phones around the world,” he says.

The GSM Association says the approach “requires the attacker to transmit distinctive data over the air to masquerade as a GSM base station”. This is illegal in most countries, the association says, so anyone attempting an attack on a significant scale would expect to be traced and caught.

The Technion team has applied for a patent on the method, but says it would only license the technology to legitimate users, such as law enforcement agencies.

Both the GSM Association and the Technion team agree that the new attack strategy would not affect 3G phones, which use different security protocols.