One of the interesting people I met at the IET conference this week was Steve Babbage from Vodafone, who has the excellent job title of "Group Chief Cryptographer". He is Chair of the ETSI SAGE group, who have designed a lot of the crypto algorithms used in comms today. It was interesting to hear him talk about the crypto algorithms used in mobile networks today. Most GSM networks use an algorithm called A5/1 which gives adequate encryption for mobile users (but not the military, like NATO, who use enhanced systems like SCIP). Surprisingly, there is also a very weak protocol called A5/2 that is still built into every handset, and in fact with a carefully crafted man-in-the-middle attack it's possible to eavesdrop on a GSM call, or even make calls on another phone's account (cloning). In the future (with UMTS), stronger algorithms like UAE1 will come into use, to make calls more secure, but mostly GSM is doing an adequate job for a protocol that's over 20 years old.