telecom.whisper.online · 5G core & interconnect security

Mobile networks run on trust that was never authenticated.

Any function that can reach the NRF can pull another's profile and speak as it — because OAuth2 authorization is optional by spec, so reachability is authorization. A minted or reused bearer token impersonates any NF. The legacy interconnect — SS7 / Diameter / GTP — is trust-by-default. And roaming trust is transitive and opaque: your security is your weakest partner's, and you can't see which partner that is.

Authenticate it. The address is the NF — a routable, DNSSEC-anchored /128 in NFProfile.ipv6Addresses, bound to the nfInstanceId already in the NF's cert SAN, derived from the key it already holds. Publicly verifiable across operators, revocable at DNS-TTL.

whisper verify --trustless — anchored at the IANA DNS root. Our own API is not in the trust path.

$38.95B telecom fraud a year — ~2.5% of revenue, most of it riding trust-by-default interconnect
$6.23B International Revenue Share Fraud alone, per year — abuse that lives in the interconnect trust vacuum
100% of 28 tested operator networks were vulnerable to GTP impersonation, fraud or DoS
~90% of tested operators leaked subscriber IMSIs through Diameter signalling
OPTIONAL — OAuth2 authorization at the 5G NRF is not required by spec: reachability ≈ authorization
~70% of operators lack the cloud-native capability the roaming fix (SEPP) needs to deploy

This is how a network you run gets driven by a function you never authorized.

No zero-day. Just a flat, all-IP, HTTP/2 service mesh and a legacy interconnect, both used exactly as built — where identity is asserted, never independently proven.

01 · FOOTHOLD

Onto the trust fabric

Lease SS7/Diameter GT or GTP access through a grey-market IPX, compromise a low-tier roaming partner and inherit its federated trust, or abuse an over-scoped CAMARA / Open Gateway token.

02 · ENUMERATE

Query the NRF

Inside the SBA, hit the NRF. Because OAuth2 authz is optional by spec, reachability is authorization — discover every NF, its type, location and capabilities.

03 · IMPERSONATE

Speak as any NF

Pull a target's NFProfile and present its identity. The cert that names it is a private-CA assertion no roaming peer, IPX or regulator can independently check.

04 · ACT

Intercept, cut, DoS, drain

Intercept calls/SMS/OTP over SS7/Diameter; track location; PFCP/N4-cut or redirect a subscriber's user-plane; deregister an NF profile for a stealth DoS; monetize via IRSF/AIT.

05 · ROTATE

Every last IP is disposable

Hop across IPX hubs, cloud regions and a residential-proxy swarm every few requests. Your core SOC sees a fresh last IP and correlates nothing.

06 · PERSIST

Unattributed, cross-operator

Every action binds to no verifiable, revocable identity — no cross-operator proof of who, no fast federated kill-switch. De-peering is slow and manual, and the same trust is reused at the next operator.

Invisible by design: a real peer is one NF to a network it belongs to; the abuser is one reachable session to a mesh that trusts by default — and every IP it ever shows you is disposable. This is not hypothetical: state-linked interconnect intrusions reported across 80+ countries and 600+ organizations since at least 2019 — some reaching lawful-intercept systems — persisted for years for exactly this reason. We don't claim an identity layer alone would have stopped a router implant; we do claim it closes the attribution-and-eviction vacuum those campaigns exploit to stay.

Strip the incident down and it isn't a hundred bugs. It's two.

Every step in that chain leans on exactly two structural gaps that every mobile network shares. Close both and the attack has nowhere left to stand.

Gap 1 · you can't follow them when the egress rotates

Rate-limit an IP and they spin up a fresh one across another IPX hub or cloud region. The egress is disposable; the last IP was never the peer. So you block noise while the operator behind it keeps working.

The answer — the graph. A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — fingerprints the operator, not the IP. Two levers, kept honestly separate: for IPX and cloud rotation it clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy; for a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a JA4/JA3 client fingerprint travels with the tooling regardless of the exit, invisible to the proxy because it lives in the TLS handshake, and collapses the swarm to one operator. Every answer returns a reproducible evidence chain your core SOC, your interconnect team and a regulator can replay.

The verbs your analysts run — or your agent runs for them: identify(ip) (who really operates a host, even behind a CDN or IPX) · origins(prefix) + walk(node,depth) (cluster rotating IPs into one genealogy) · history / watch (a timeline and a standing sentinel) · arbitrary read-only Cypher (express "one source touching N distinct NF identities in a window" as a query, not a ticket).

what your core SOC sees — a rotating, meaningless “last IP” Stolen bearer = impersonates any NF IPX hub · GRX 185.60.x.x AWS eu-central 3.68.x.x Azure westeu 20.61.x.x residential-proxy swarm 71.x · Comcast 82.x · KPN 99.x · Orange JA4-identical tooling infra genealogy JA4 fingerprint One operator ASN + hosting genealogy + JA4 / JA3 fingerprint evidence chain → your SIEM what the graph sees — one operator
Attribution survives rotation because it tracks the infrastructure and the tooling, not the ephemeral egress IP. The one thing we never rely on is the last IP.

"When a rogue NF or a compromised roaming peer phones home through rotating IPX egress, fresh cloud IPs and residential proxies, can you actually attribute it — or just rate-limit an IP and move on?"

Attribute it. Infrastructure genealogy collapses the IPX and cloud rotation; a JA4 client fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on — and the finding feeds straight into your signalling firewall and SIEM.

Gap 2 · a reachable NRF and a stolen token look exactly like a real NF

A minted or reused bearer token is a valid credential; a function that can reach the NRF is — by the spec's own default — authorized. Behaviorally it's a legitimate NF. Nothing at the boundary separates it, because the identity that names it is a private-CA assertion no counterparty can independently verify.

The answer — identity. Bind the SBI to the NF's own forge-proof /128 — an address derived from the key behind the nfInstanceId the NF already carries in its cert SAN. And because that name resolves through a DNSSEC-signed zone with a DANE-pinned record, it also closes the DNS-spoofing / rogue-NRF / forged-token-issuer gap that mutual TLS alone never covered.

"3GPP already mandates mutual TLS on the SBI and every NF has a certificate. Why isn't that enough?"

Because it is rooted in the operator's private CA — and it doesn't protect the DNS. No roaming partner, IPX, regulator or peer operator can independently verify a private-CA cert, and the SBA name layer that NF/NRF discovery rides on is unsigned: spoof DNS and you redirect to a rogue NRF or a forged token-issuer URL that mTLS never sees. Whisper keeps the same urn:uuid:<nfInstanceId> identity (TS 33.310), DANE-pins the very cert the NF already presents, and makes it publicly verifiable and revocable at DNS-TTL.

Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.

Give every network function an identity it can prove — across operators, not just inside yours.

Stop treating NF impersonation as a detection problem and make it an identity problem — strictly stronger. Whisper has one primitive: the address is the identity.

A routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with dig. whisper verify --trustless checks it against the IANA root; our own API is not in the trust path.

Point it at network functions. Derive each NF's — AMF, SMF, UPF, PCF, UDM, or a SEPP — /128 from the SBA mTLS key it already holds, the one whose certificate SAN already carries urn:uuid:<nfInstanceId> (3GPP TS 33.310), with the nfInstanceId as the domain separator (device_id = nfInstanceId). The private key never leaves the NF; the address is a one-way function of its public half and that UUID. Drop the /128 into NFProfile.ipv6Addresses — no NRF API change, no re-keying, no new CA.

NF SBA key urn:uuid in cert SAN · 33.310 never leaves the NF private key sealed public key + nfInstanceId /128 2a04:2a01:5e0::a3f → NFProfile.ipv6Addresses DNSSEC + DANE-EE A name any operator can verify whisper verify --trustless no operator-private CA needed op:revoke → gone across operators at DNS-TTL
The NF certificate already carries urn:uuid:<nfInstanceId> in its SAN (TS 33.310) — a good key-bound identity trapped in an operator-private CA. Whisper binds the same UUID to a routable, publicly verifiable /128 and gives it a cross-operator off-switch at DNS-TTL. One leaf key per identity; never a shared root.

"One reachable NRF → every NF" becomes impossible

You cannot present the identities of NFs whose keys you don't hold. Every impersonation is a DNSSEC/DANE inconsistency any counterparty catches — inside the core or across the N32 border.

Egress rotation becomes irrelevant

Identity is not the source IP. The "last IP" was never the credential — so rotating it, across IPX hubs, clouds or residential proxies, changes nothing.

Stolen bearer tokens fail

A minted or reused token with no NF key behind it authenticates to nothing. The path checks the NF's pinned identity, not who is holding the bearer.

One revoke kills a compromised NF everywhere

At DNS-TTL speed: dig -x returns nothing; verify returns false — across operators, not one CRL per operator that peers may never fetch.

Attaches to what you already run — it does not replace it. Whisper complements the anchors 3GPP mandates — mutual TLS on the SBI, OAuth2 at the NRF, the operator PKI (CMPv2 enrolment), SEPP topology-hiding and N32/PRINS. It is the publicly verifiable, DNSSEC/DANE-anchored layer on top, at the DNS / IP / transport boundary: no bespoke trust store to cross-certify with every roaming partner, and revocation at DNS-TTL instead of a per-operator CRL/OCSP. You can even DANE-pin the NF/NRF certificate the SBA already speaks and cut single-CA and rogue-issuer risk. It never sits inside the intra-SBI path where mTLS and the NRF already bind tightly.
The nfInstanceId is the public UUID — the /128 is its cryptographic counterpart. The nfInstanceId is a known, structured identifier flowing through every NRF registration and discovery; useful for interoperability, but it isn't a secret. The /128 is bound to the NF's key and the nfInstanceId — so the UUID alone yields nothing. You cannot go nfInstanceId → /128 without the key, there is no enumerable directory, and RDAP/reverse-DNS return the registry object, never the NF's internal whereabouts. Because the derivation is tenant-bound, the same NF instance under two operators yields two unrelated /128s — no one can link an instance across the PLMN boundary.
Lifecycle, end to end. CMPv2 enrolment → in-life SBI → incident revoke. An NF scale-out re-derives a /128 per instance; a scale-in or decommission is one revoke; a compromised roaming identity is cut at the N32 border in one call — the home network (HPMN) revokes a visited-network (VPMN) peer without waiting on an IPX. Compromise one NF and you've compromised that NF, not the mesh — the impersonate-any-NF failure mode is structurally removed. And nothing is issued in the dark: every mint and every revoke lands in a public, Bitcoin-anchored transparency log you and your regulator can audit.

Maps to NIS2 Art.21/23 incident handling & reporting, the EU 5G Toolbox TM02 (turn on the optional controls), NSA/CISA ESF 5G Cloud Parts II–III micro-segmentation, CISA ZTMM Identity, and GSMA FS.36 for the N32 boundary — delivered as a network primitive, not a compliance binder. See the compliance map →

See who's enumerating your NFs — before the impersonation lands.

An identity you can prove is also an identity you can watch. Because every NF's name resolves through Whisper's own authoritative DNS and RDAP, the owner sees exactly who looked — a reconnaissance tripwire the operator-private NRF never gave you — and can govern precisely what each function may talk to.

who is resolving / RDAP-querying this NF identity? consumer NF · SMF 1 AAAA lookup roaming SEPP · VPMN 1 TLSA lookup unknown enumerator 200 RDAP hits / min NF authoritative zone AAAA · PTR · TLSA RDAP /ip object every query is recorded op:lookups who checked this NF the recon tripwire ⚠ enumeration detected
Every resolve, PTR and RDAP query against an NF's identity is recorded. op:lookups returns who looked — surfacing an enumerating peer before the impersonation, not after.

Who checked this NF is a query

op:lookups returns who resolved or RDAP-queried an NF's identity — an early warning that someone is enumerating your core or a roaming peer is probing, not a post-mortem after the impersonation.

Govern what each NF may reach

A graph-first resolver and source-bound egress enforce default-deny per NF — allow the peer SEPP and the OAM/OTA endpoint, block everything else, by name or subdomain.

Per-NF firewall, budget, kill-switch

op:firewall allow/deny by host, cidr or port; op:budget caps an NF's traffic; op:revoke cuts a compromised function off across operators in one call.

Non-repudiable interconnect telemetry

sign-outputs binds each SBI response, CDR or N32 message to the NF's forge-proof /128 — so a roaming partner, a regulator and interconnect settlement trust the record came from the real function.

The same address-is-identity primitive that governs a compromised NF also governs the AI agents your NOC, OSS/BSS and CAMARA developer platform are about to run — per-agent /128, per-agent logs, default-deny egress, one revoke. From day one.

Don't take our word for it — our API isn't in the trust path.

Two tiers, by design. No key: anyone can verify an NF's identity, resolve it, and back-trace a suspicious peer — trustless, anchored at the IANA root. Your key: bind an NF to the nfInstanceId it carries, govern its egress, revoke it across operators.

verify & attribute — no key required
# keyless — re-derive and verify any NF's identity, trustless
$ whisper verify --trustless 2a04:2a01:5e0::a3f
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the NF's SBA cert
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — no operator-private CA in the trust path

# the address is the NF — reverse DNS names it
$ dig -x 2a04:2a01:5e0::a3f +short
  nf-amf-3f2504e0.sbi.example-plmn.whisper.online.

# who really operates a suspicious IPX host — the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"185.60.x.x\")"}'
  operator:  <fingerprinted> · seen across IPX / AWS / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
provision & govern — with your key
# bind an NF to the nfInstanceId already in its cert SAN, and govern it
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the NF SBA key>',
       device_id:'3f2504e0-4f89-11d3-9a0c-0305e82c3301'}})"   # device_id = the nfInstanceId
  → identity 2a04:2a01:5e0::a3f   DNSSEC + DANE live · drops into NFProfile.ipv6Addresses
$ whisper policy set --default deny --allow sepp.partner-plmn.example,oam.example-plmn.net
$ whisper kill --revoke 2a04:2a01:5e0::a3f   # across operators, at DNS-TTL

Your signalling firewall sees that a message is malformed. Whisper proves who sent it — and follows them when the egress rotates.

The signalling-firewall incumbents — Enea, SecurityGen, P1 Security, Positive Technologies, Mobileum — inspect and score the message across SS7, Diameter, GTP-C and HTTP/2, and that's necessary. The 5G-core firewalls (Palo Alto CN-Series, Fortinet, A10, Check Point) protect GTP-U, SCTP and the packet core. Your operator PKI and SEPP (Ericsson, Nokia, Oracle) issue and lifecycle NF certificates and hide topology at N32/PRINS. But all of them attribute within the signalling plane or trust a private CA — the identity is not publicly verifiable, revocation is a per-operator CRL/OCSP, and the cert isn't a routable identity that survives NAT, roaming and IPX. Whisper adds the two layers no one else owns: an internet-infrastructure attribution graph that fingerprints the operator across rotating IPX, cloud and residential egress, and a publicly verifiable NF-identity plane that is addressable and revocable at DNS-TTL. Exactly the two gaps NF impersonation exploits.

Signalling / core firewallOperator PKI + SEPPWhisper
Signalling & core traffic protection (SS7/Diameter/GTP/SCTP)additive feed
Publicly verifiable NF identity (no cross-certification)
Cross-operator revocation at DNS-TTL— (per-op CRL/OCSP)
Operator attribution across rotating IPX / cloud / residential egress

It's depth on top of the stack you already run — it can DANE-pin the same NF/NRF certificate your SBA already speaks, and it lands as a machine-readable feed into your SIEM — the Splunk and Microsoft Sentinel connectors ship today — enrichment that makes your signalling firewall and threat-intel sharper. It does not do signalling firewalling, GTP/SCTP inspection or packet-core protection — those stay the incumbents'. It doesn't replace them, and it doesn't add a console your analysts babysit.

See the full comparison →

Additive to your stack. Mapped to your standards. Availability-safe by construction.

Identity NF /128 · DNSSEC · DANE-EE · bound to nfInstanceId — who is this, provably 33.310 · mTLS · OAuth2 Attribution graph operator fingerprint across rotating IPX + cloud + residential — who's really behind this 7.44B nodes · BGP·DNS·TLS·JA4 Egress governance per-NF /128 · policy · lookups · firewall · budget · revoke — what may talk to what default-deny THE ADDRESS IS THE IDENTITY AS219419 · 2a04:2a01::/32 Your SIEM Splunk & Sentinel today Machine-readable STIX 2.1 / TAXII · CEF / ECS Your standards NIS2 · 5G Toolbox · ESF 5G Cloud
Three planes on one primitive — and all three exit into the stack you already run, not a new silo.

Closes the gap 33.501 leaves open

3GPP mandates mTLS and OAuth2 but not DNSSEC/DANE on the SBA name layer. A DNSSEC-signed zone with DANE-pinned NF/NRF records gives a hijack-resistant name→address→expected-cert binding that defeats DNS spoofing, a rogue NRF and a forged token-issuer — the least-contestable claim on this page. See the map →

Attribution for NIS2 reporting

Cryptographic who/where forensics that accelerate the NIS2 Art.23 24h / 72h / 1-month timelines, and SCAS TS 33.117 logging anchored to a per-NF /128. A reproducible, replayable JSON evidence chain, plus DANE-pinned peer identity to harden the GSMA FS.36 N32 vector.

Nothing issued in the dark

Every identity mint and every revoke lands in a public, append-only RFC 6962 Merkle transparency log, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable trail for your regulator. Honest status: tamper-evident today, independent witnessing is the next step.

Additive & availability-safe

It rides existing DNS/IPv6 and adds no inline SBI chokepoint. If a consumer authorizes against the DANE/verify path, that plane is built to fail open — a Whisper outage never blocks an NF; checks degrade to your existing mTLS+OAuth2 anchors. Anycast on AS219419, no single node in the path.

One identity fabric, every vendor & operator

Derived from the key already in the NF — no second PKI, no cross-certifying every roaming partner's Root CA, no re-registration. Whether it's an AMF, a UPF or a SEPP, it's one verifiable /128 you and a roaming partner can both check without an IPX in the middle.

A vendor that will still be here

Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start. See pricing →

Give every network function an identity it can prove.

The address is the NF — routable, DNSSEC-anchored, bound to the nfInstanceId it already carries, publicly verifiable across operators, revocable in one call. Keyless to try, one call to provision, one more to revoke.

Or run whisper verify --trustless right now.