Mobile networks run on trust that was never authenticated.
Any function that can reach the NRF can pull another's profile and speak as it — because OAuth2 authorization is optional by spec, so reachability is authorization. A minted or reused bearer token impersonates any NF. The legacy interconnect — SS7 / Diameter / GTP — is trust-by-default. And roaming trust is transitive and opaque: your security is your weakest partner's, and you can't see which partner that is.
NFProfile.ipv6Addresses, bound to the nfInstanceId already in the NF's cert SAN, derived from the key it already holds. Publicly verifiable across operators, revocable at DNS-TTL.
whisper verify --trustless — anchored at the IANA DNS root. Our own API is not in the trust path.
This is how a network you run gets driven by a function you never authorized.
No zero-day. Just a flat, all-IP, HTTP/2 service mesh and a legacy interconnect, both used exactly as built — where identity is asserted, never independently proven.
Onto the trust fabric
Lease SS7/Diameter GT or GTP access through a grey-market IPX, compromise a low-tier roaming partner and inherit its federated trust, or abuse an over-scoped CAMARA / Open Gateway token.
Query the NRF
Inside the SBA, hit the NRF. Because OAuth2 authz is optional by spec, reachability is authorization — discover every NF, its type, location and capabilities.
Speak as any NF
Pull a target's NFProfile and present its identity. The cert that names it is a private-CA assertion no roaming peer, IPX or regulator can independently check.
Intercept, cut, DoS, drain
Intercept calls/SMS/OTP over SS7/Diameter; track location; PFCP/N4-cut or redirect a subscriber's user-plane; deregister an NF profile for a stealth DoS; monetize via IRSF/AIT.
Every last IP is disposable
Hop across IPX hubs, cloud regions and a residential-proxy swarm every few requests. Your core SOC sees a fresh last IP and correlates nothing.
Unattributed, cross-operator
Every action binds to no verifiable, revocable identity — no cross-operator proof of who, no fast federated kill-switch. De-peering is slow and manual, and the same trust is reused at the next operator.
Invisible by design: a real peer is one NF to a network it belongs to; the abuser is one reachable session to a mesh that trusts by default — and every IP it ever shows you is disposable. This is not hypothetical: state-linked interconnect intrusions reported across 80+ countries and 600+ organizations since at least 2019 — some reaching lawful-intercept systems — persisted for years for exactly this reason. We don't claim an identity layer alone would have stopped a router implant; we do claim it closes the attribution-and-eviction vacuum those campaigns exploit to stay.
Strip the incident down and it isn't a hundred bugs. It's two.
Every step in that chain leans on exactly two structural gaps that every mobile network shares. Close both and the attack has nowhere left to stand.
Rate-limit an IP and they spin up a fresh one across another IPX hub or cloud region. The egress is disposable; the last IP was never the peer. So you block noise while the operator behind it keeps working.
The answer — the graph. A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — fingerprints the operator, not the IP. Two levers, kept honestly separate: for IPX and cloud rotation it clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy; for a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a JA4/JA3 client fingerprint travels with the tooling regardless of the exit, invisible to the proxy because it lives in the TLS handshake, and collapses the swarm to one operator. Every answer returns a reproducible evidence chain your core SOC, your interconnect team and a regulator can replay.
The verbs your analysts run — or your agent runs for them: identify(ip) (who really operates a host, even behind a CDN or IPX) · origins(prefix) + walk(node,depth) (cluster rotating IPs into one genealogy) · history / watch (a timeline and a standing sentinel) · arbitrary read-only Cypher (express "one source touching N distinct NF identities in a window" as a query, not a ticket).
"When a rogue NF or a compromised roaming peer phones home through rotating IPX egress, fresh cloud IPs and residential proxies, can you actually attribute it — or just rate-limit an IP and move on?"
Attribute it. Infrastructure genealogy collapses the IPX and cloud rotation; a JA4 client fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on — and the finding feeds straight into your signalling firewall and SIEM.
A minted or reused bearer token is a valid credential; a function that can reach the NRF is — by the spec's own default — authorized. Behaviorally it's a legitimate NF. Nothing at the boundary separates it, because the identity that names it is a private-CA assertion no counterparty can independently verify.
The answer — identity. Bind the SBI to the NF's own forge-proof /128 — an address derived from the key behind the nfInstanceId the NF already carries in its cert SAN. And because that name resolves through a DNSSEC-signed zone with a DANE-pinned record, it also closes the DNS-spoofing / rogue-NRF / forged-token-issuer gap that mutual TLS alone never covered.
"3GPP already mandates mutual TLS on the SBI and every NF has a certificate. Why isn't that enough?"
Because it is rooted in the operator's private CA — and it doesn't protect the DNS. No roaming partner, IPX, regulator or peer operator can independently verify a private-CA cert, and the SBA name layer that NF/NRF discovery rides on is unsigned: spoof DNS and you redirect to a rogue NRF or a forged token-issuer URL that mTLS never sees. Whisper keeps the same urn:uuid:<nfInstanceId> identity (TS 33.310), DANE-pins the very cert the NF already presents, and makes it publicly verifiable and revocable at DNS-TTL.
Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.
Give every network function an identity it can prove — across operators, not just inside yours.
Stop treating NF impersonation as a detection problem and make it an identity problem — strictly stronger. Whisper has one primitive: the address is the identity.
A routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with dig. whisper verify --trustless checks it against the IANA root; our own API is not in the trust path.
Point it at network functions. Derive each NF's — AMF, SMF, UPF, PCF, UDM, or a SEPP — /128 from the SBA mTLS key it already holds, the one whose certificate SAN already carries urn:uuid:<nfInstanceId> (3GPP TS 33.310), with the nfInstanceId as the domain separator (device_id = nfInstanceId). The private key never leaves the NF; the address is a one-way function of its public half and that UUID. Drop the /128 into NFProfile.ipv6Addresses — no NRF API change, no re-keying, no new CA.
urn:uuid:<nfInstanceId> in its SAN (TS 33.310) — a good key-bound identity trapped in an operator-private CA. Whisper binds the same UUID to a routable, publicly verifiable /128 and gives it a cross-operator off-switch at DNS-TTL. One leaf key per identity; never a shared root."One reachable NRF → every NF" becomes impossible
You cannot present the identities of NFs whose keys you don't hold. Every impersonation is a DNSSEC/DANE inconsistency any counterparty catches — inside the core or across the N32 border.
Egress rotation becomes irrelevant
Identity is not the source IP. The "last IP" was never the credential — so rotating it, across IPX hubs, clouds or residential proxies, changes nothing.
Stolen bearer tokens fail
A minted or reused token with no NF key behind it authenticates to nothing. The path checks the NF's pinned identity, not who is holding the bearer.
One revoke kills a compromised NF everywhere
At DNS-TTL speed: dig -x returns nothing; verify returns false — across operators, not one CRL per operator that peers may never fetch.
revoke. An NF scale-out re-derives a /128 per instance; a scale-in or decommission is one revoke; a compromised roaming identity is cut at the N32 border in one call — the home network (HPMN) revokes a visited-network (VPMN) peer without waiting on an IPX. Compromise one NF and you've compromised that NF, not the mesh — the impersonate-any-NF failure mode is structurally removed. And nothing is issued in the dark: every mint and every revoke lands in a public, Bitcoin-anchored transparency log you and your regulator can audit.Maps to NIS2 Art.21/23 incident handling & reporting, the EU 5G Toolbox TM02 (turn on the optional controls), NSA/CISA ESF 5G Cloud Parts II–III micro-segmentation, CISA ZTMM Identity, and GSMA FS.36 for the N32 boundary — delivered as a network primitive, not a compliance binder. See the compliance map →
See who's enumerating your NFs — before the impersonation lands.
An identity you can prove is also an identity you can watch. Because every NF's name resolves through Whisper's own authoritative DNS and RDAP, the owner sees exactly who looked — a reconnaissance tripwire the operator-private NRF never gave you — and can govern precisely what each function may talk to.
op:lookups returns who looked — surfacing an enumerating peer before the impersonation, not after.Who checked this NF is a query
op:lookups returns who resolved or RDAP-queried an NF's identity — an early warning that someone is enumerating your core or a roaming peer is probing, not a post-mortem after the impersonation.
Govern what each NF may reach
A graph-first resolver and source-bound egress enforce default-deny per NF — allow the peer SEPP and the OAM/OTA endpoint, block everything else, by name or subdomain.
Per-NF firewall, budget, kill-switch
op:firewall allow/deny by host, cidr or port; op:budget caps an NF's traffic; op:revoke cuts a compromised function off across operators in one call.
Non-repudiable interconnect telemetry
sign-outputs binds each SBI response, CDR or N32 message to the NF's forge-proof /128 — so a roaming partner, a regulator and interconnect settlement trust the record came from the real function.
The same address-is-identity primitive that governs a compromised NF also governs the AI agents your NOC, OSS/BSS and CAMARA developer platform are about to run — per-agent /128, per-agent logs, default-deny egress, one revoke. From day one.
Don't take our word for it — our API isn't in the trust path.
Two tiers, by design. No key: anyone can verify an NF's identity, resolve it, and back-trace a suspicious peer — trustless, anchored at the IANA root. Your key: bind an NF to the nfInstanceId it carries, govern its egress, revoke it across operators.
# keyless — re-derive and verify any NF's identity, trustless
$ whisper verify --trustless 2a04:2a01:5e0::a3f
✓ DNSSEC chain valid to the IANA root
✓ DANE-EE (TLSA) leaf matches the NF's SBA cert
✓ RDAP: registered under AS219419 · 2a04:2a01::/32
identity: VERIFIED — no operator-private CA in the trust path
# the address is the NF — reverse DNS names it
$ dig -x 2a04:2a01:5e0::a3f +short
nf-amf-3f2504e0.sbi.example-plmn.whisper.online.
# who really operates a suspicious IPX host — the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
-H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"185.60.x.x\")"}'
operator: <fingerprinted> · seen across IPX / AWS / Azure
residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
# bind an NF to the nfInstanceId already in its cert SAN, and govern it
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
identity_public_key:'<base64 SPKI of the NF SBA key>',
device_id:'3f2504e0-4f89-11d3-9a0c-0305e82c3301'}})" # device_id = the nfInstanceId
→ identity 2a04:2a01:5e0::a3f DNSSEC + DANE live · drops into NFProfile.ipv6Addresses
$ whisper policy set --default deny --allow sepp.partner-plmn.example,oam.example-plmn.net
$ whisper kill --revoke 2a04:2a01:5e0::a3f # across operators, at DNS-TTL
Your signalling firewall sees that a message is malformed. Whisper proves who sent it — and follows them when the egress rotates.
The signalling-firewall incumbents — Enea, SecurityGen, P1 Security, Positive Technologies, Mobileum — inspect and score the message across SS7, Diameter, GTP-C and HTTP/2, and that's necessary. The 5G-core firewalls (Palo Alto CN-Series, Fortinet, A10, Check Point) protect GTP-U, SCTP and the packet core. Your operator PKI and SEPP (Ericsson, Nokia, Oracle) issue and lifecycle NF certificates and hide topology at N32/PRINS. But all of them attribute within the signalling plane or trust a private CA — the identity is not publicly verifiable, revocation is a per-operator CRL/OCSP, and the cert isn't a routable identity that survives NAT, roaming and IPX. Whisper adds the two layers no one else owns: an internet-infrastructure attribution graph that fingerprints the operator across rotating IPX, cloud and residential egress, and a publicly verifiable NF-identity plane that is addressable and revocable at DNS-TTL. Exactly the two gaps NF impersonation exploits.
| Signalling / core firewall | Operator PKI + SEPP | Whisper | |
|---|---|---|---|
| Signalling & core traffic protection (SS7/Diameter/GTP/SCTP) | ✓ | — | additive feed |
| Publicly verifiable NF identity (no cross-certification) | — | — | ✓ |
| Cross-operator revocation at DNS-TTL | — | — (per-op CRL/OCSP) | ✓ |
| Operator attribution across rotating IPX / cloud / residential egress | — | — | ✓ |
It's depth on top of the stack you already run — it can DANE-pin the same NF/NRF certificate your SBA already speaks, and it lands as a machine-readable feed into your SIEM — the Splunk and Microsoft Sentinel connectors ship today — enrichment that makes your signalling firewall and threat-intel sharper. It does not do signalling firewalling, GTP/SCTP inspection or packet-core protection — those stay the incumbents'. It doesn't replace them, and it doesn't add a console your analysts babysit.
Additive to your stack. Mapped to your standards. Availability-safe by construction.
Closes the gap 33.501 leaves open
3GPP mandates mTLS and OAuth2 but not DNSSEC/DANE on the SBA name layer. A DNSSEC-signed zone with DANE-pinned NF/NRF records gives a hijack-resistant name→address→expected-cert binding that defeats DNS spoofing, a rogue NRF and a forged token-issuer — the least-contestable claim on this page. See the map →
Attribution for NIS2 reporting
Cryptographic who/where forensics that accelerate the NIS2 Art.23 24h / 72h / 1-month timelines, and SCAS TS 33.117 logging anchored to a per-NF /128. A reproducible, replayable JSON evidence chain, plus DANE-pinned peer identity to harden the GSMA FS.36 N32 vector.
Nothing issued in the dark
Every identity mint and every revoke lands in a public, append-only RFC 6962 Merkle transparency log, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable trail for your regulator. Honest status: tamper-evident today, independent witnessing is the next step.
Additive & availability-safe
It rides existing DNS/IPv6 and adds no inline SBI chokepoint. If a consumer authorizes against the DANE/verify path, that plane is built to fail open — a Whisper outage never blocks an NF; checks degrade to your existing mTLS+OAuth2 anchors. Anycast on AS219419, no single node in the path.
One identity fabric, every vendor & operator
Derived from the key already in the NF — no second PKI, no cross-certifying every roaming partner's Root CA, no re-registration. Whether it's an AMF, a UPF or a SEPP, it's one verifiable /128 you and a roaming partner can both check without an IPX in the middle.
A vendor that will still be here
Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start. See pricing →
Give every network function an identity it can prove.
The address is the NF — routable, DNSSEC-anchored, bound to the nfInstanceId it already carries, publicly verifiable across operators, revocable in one call. Keyless to try, one call to provision, one more to revoke.
Or run whisper verify --trustless right now.