Since Western Europe
can't export encryption products to certain countries, such as
targets of United Nations sanctions, the default version of the GSM
protocol does not use encryption. This in itself isn't necessarily a
problem, said David Wagner, a professor of computer science at the
University of California-Berkeley, but GSM also does not
authenticate its base stations, the hardware that communicates with
the handsets -- and that is potentially troublesome.
Experts said it is possible to build a phony base station that
jams the signal from the real base station and forces the cell phone
to connect to it. The base station then tells the cell phone, in
essence, "You're in Iraq, don't use encryption," and the call
proceeds unprotected with the false base station relaying
information between the real base station and the handset.
A handful of researchers have been aware of the loophole for
several years now, but it's been "a well-kept secret," Wagner said.
Security experts call this a "man-in-the-middle" attack because
the phony base station sits between the handset and the real base
station, intercepting their communications, but neither the real
base station nor the handset knows it's there.
"We know about it as a technical issue, but we haven't seen it
demonstrated," said James Moran, fraud and security director at the
GSM Association. He added that building an interception device would
require considerable technical skill. Moran said the next GSM
standard would address the problem.
Other cell phone standards probably don't authenticate base
stations either, Wagner said, perhaps because their designers were
more concerned with preventing handset cloning, which allows someone
to bill his or her calls to someone else's number. But the
phony-base-station trick is a particular problem for GSM because
different strengths of encryption are used in different places.
"Whenever you have to support both weak and strong cryptography,
one very real risk is that you end up with 'least common
denominator' security," Wagner said.
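The exchange Wagner describes is easiest to see as a short simulation. The following Python model is an added illustration, not code from the article or from any GSM implementation: the message names, the HMAC-based stand-ins for the SIM's A3/A8 functions, the "spoofed classmark" by which the fake base station tells the real network that the handset cannot encrypt, and the integrity tag used in the "fixed" variant are all assumptions chosen to make the point. The unfixed handset does what a GSM handset does: it proves itself to the network but never checks who is giving it the cipher-mode command, so a relaying base station that cannot compute anything secret can still switch the call to A5/0 (no encryption). The fixed variant makes the handset require a tag keyed on the session key Kc, which the relay does not hold.

```python
"""Toy model of the GSM false-base-station downgrade (constructed example)."""
import hashlib
import hmac
import os

A5_0, A5_1 = "A5/0", "A5/1"   # A5/0 = no encryption, A5/1 = strong cipher


def prf(key, *parts):
    """Stand-in for the SIM's A3/A8 functions: derive bytes from Ki and RAND (assumption)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def command_tag(kc, algorithm):
    """Integrity tag for a cipher-mode command, keyed on Kc (the assumed fix)."""
    return hmac.new(kc, algorithm.encode(), hashlib.sha256).digest()


class Handset:
    """Subscriber side. Holds Ki. verify_network=False is the GSM behaviour."""

    def __init__(self, ki, verify_network=False):
        self.ki = ki
        self.verify_network = verify_network
        self.kc = None
        self.cipher = None

    def auth_response(self, rand):
        """Answer the network's RAND challenge: derive Kc, return SRES."""
        self.kc = prf(self.ki, b"A8", rand)
        return prf(self.ki, b"A3", rand)[:4]

    def cipher_mode(self, algorithm, tag=None):
        """Handle CIPHER MODE COMMAND; return the mode the handset adopts."""
        if self.verify_network:
            if tag is None or not hmac.compare_digest(tag, command_tag(self.kc, algorithm)):
                raise ValueError("cipher-mode command not from a party holding Kc")
        self.cipher = algorithm
        return algorithm


class Network:
    """Real network (authentication centre + base station). Shares Ki with the SIM."""

    def __init__(self, ki, sign_commands=False):
        self.ki = ki
        self.sign_commands = sign_commands

    def challenge(self):
        rand = os.urandom(16)
        return rand, prf(self.ki, b"A3", rand)[:4], prf(self.ki, b"A8", rand)

    def cipher_command(self, kc, handset_supports_a51):
        # Networks of the period fall back to A5/0 when the handset's classmark
        # says it cannot encrypt (assumption used by the attacker below).
        alg = A5_1 if handset_supports_a51 else A5_0
        tag = command_tag(kc, alg) if self.sign_commands else None
        return alg, tag


def call_setup(handset, network, attacker_in_path):
    """Run authentication and cipher selection; return the handset's final mode.

    With an attacker in the path, the fake base station relays RAND and SRES
    untouched (it cannot compute them), claims to the real network that the
    handset only supports A5/0, and tells the handset to use A5/0.
    """
    rand, sres_expected, kc = network.challenge()
    sres = handset.auth_response(rand)            # relayed verbatim by the attacker
    if not hmac.compare_digest(sres, sres_expected):
        raise ValueError("network rejects handset")

    if not attacker_in_path:
        alg, tag = network.cipher_command(kc, handset_supports_a51=True)
    else:
        network.cipher_command(kc, handset_supports_a51=False)   # real side goes to A5/0
        # Handset side: the attacker forges its own command. It has no Kc, so
        # the best it can do for a tag is random bytes.
        alg, tag = A5_0, (os.urandom(32) if network.sign_commands else None)
    return handset.cipher_mode(alg, tag)


def run(attacker, fixed):
    """Return the mode the handset ends up in, or 'REJECTED' if it refuses the command."""
    ki = os.urandom(16)
    try:
        return call_setup(Handset(ki, verify_network=fixed), Network(ki, sign_commands=fixed), attacker)
    except ValueError:
        return "REJECTED"


if __name__ == "__main__":
    for attacker in (False, True):
        for fixed in (False, True):
            print(f"attacker={attacker!s:5} base-station-auth={fixed!s:5} -> {run(attacker, fixed)}")
```

The honest run ends in A5/1; with the relay in place and the GSM-style handset, it ends in A5/0 even though the handset authenticated correctly, because the downgrade never required the attacker to know Ki or Kc. The tag only helps as long as the attacker cannot obtain Kc, which is the assumption this toy makes; it stands in for the integrity-protected cipher-mode command that a protocol with base-station authentication would use.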
Cracking different pieces of the cryptography that protects GSM
cell phones from eavesdropping has long been a favorite pastime for
computer security researchers. Just last December, two Israeli
researchers announced that they had found a fast method of cracking
the A5/1 algorithm, the strong encryption used to protect GSM phone
calls in Europe and the United States. But the phony-base-station
strategy obviates the need for any encryption busting.