I have written before about how the encryption used by GSM cell phones is not secure. At the upcoming Defcon conference, Chris Paget is planning to demonstrate how the cryptoscheme in GSM can be circumvented completely, using a man-in-the-middle attack, based around a device called an ‘IMSI catcher.’ Specifically, he is planning to “intercept and record cellular calls made by [his] attendees, live on-stage, no user-input required.”
This is a good illustration of some of the limitations of cryptography. Even very sound encryption algorithms are often used in ways that make them vulnerable to attack, including man-in-the-middle attacks where legitimate senders and receivers don’t realize their communications are being routed through a third party. The take-home message is: just because something is encrypted, don’t assume that other people won’t be able to access it.