auto.whisper.online · fleet-API abuse

A third party is draining your whole fleet through your own API — and every IP it shows you is a decoy.

A connected-vehicle security lead put his single largest unsolved problem to us plainly: third parties reverse-engineer your connected-car API — increasingly with AI — phish your customers for their companion-app credentials, and connect to your telematics backend with no contract. Then they scrape and resell whole-fleet data. It's a GDPR and EU-Data-Act exposure, and it's invisible at the network layer: a real customer is one IP to one car; the abuser is one operator to thousands, steals genuine sessions so it passes every auth check, and rotates egress across Amazon, Google and Azure so all your VSOC ever logs is a meaningless last IP.

Stop trying to detect it. Make it an identity problem. The address is the car — a routable, DNSSEC-anchored /128 no aggregator can forge, so a stolen session with no car-key behind it authenticates to nothing. Give every car an identity it can prove — and no one can forge.

whisper verify --trustless — anchored at the IANA DNS root. Our own API is not in the trust path.

17% APIs are now the #1 automotive attack vector — ahead of infotainment
92% of automotive attacks are remote
~2× AI roughly doubled automotive cyberattacks year over year
16 brands broken through connected-car APIs in one research disclosure
~140k vehicles reachable through a single employee-portal pivot
billions of vehicle-data points harvested and resold before two brokers collapsed in 2024

The abuse that no rate-limit, no WAF, and no last IP will ever catch.

It isn't a breach. Your API is used exactly as it was built — at fleet scale, by an operator who was never your customer and never signed a contract.

“Third parties reverse-engineer our connected-car API, phish customers for their app logins, and pull whole-fleet data off the telematics backend with no agreement in place. We can't tell them from a real driver at the network layer — and when we try to block them, the IP is already gone. Solve this and you're in a very good niche.
— a connected-vehicle security operations lead, describing the problem shared across the industry
01 · REVERSE-ENGINEERED

Not breached — rebuilt

The V2C API is mapped from the companion app and increasingly reconstructed by AI. Nothing is exploited yet; the endpoints are simply used as designed.

02 · REAL SESSIONS, NO CONTRACT

It passes every auth check

Phished app credentials or a hardcoded key lifted from a dealer-portal bundle yield genuine sessions. Auth says yes. There is no commercial agreement anywhere behind it.

03 · ONE OPERATOR, WHOLE FLEET

Then the IP dissolves

Low-and-slow VIN enumeration under every rate limit — then egress hops Amazon → Google → Azure, or a residential-proxy swarm. Your VSOC correlates a fresh last IP and nothing else.

Concretely, and at the class level: the API they call is your app's API, because it is your app's protocol. A third party reverse-engineers the connected-car companion app until it holds the exact calls the official app makes, then authenticates the same ways your own app does — a phished owner login, a static API-key header lifted from the app bundle, or an OAuth bearer token that is portable to any IP. From there it is contract-less, long-lived polling: a request every few minutes, streams held open — indistinguishable from a real handset because it is the handset's protocol. This isn't theoretical: public reverse-engineered clients for a major European connected-car backend already circulate. The root cause has a name — OWASP broken authentication / BOLA: the token, key or password authenticates a claim, never the machine on the other end.

This is invisible by design: a legitimate driver is one IP to one car; the abuser is one operator to thousands, holding valid credentials and showing you a disposable address every few requests. Whole-fleet telematics resale is not hypothetical — two data brokers reached billions of harvested vehicle-data points, and litigation, before both collapsed in 2024. That makes it a GDPR and EU-Data-Act incident, not only a security one.

Stop detecting the abuse. Prove the identity.

Detection will always be a step behind a credential that is genuinely valid. You can tune models forever and the abuser still looks exactly like a customer — because, to your backend, they are one. The only strictly-stronger move is to change what the backend trusts.

Today · the backend trusts a bearer secret

A session token, an API key, a cookie — whoever holds it can present it. That is the whole problem in one line: the credential does not prove which car is on the other end, so a stolen one is indistinguishable from the real thing, and the source IP that might have narrowed it down is disposable.

Tomorrow · the backend authorizes a car that proves itself. Bind authority to an identity the car holds and can demonstrate cryptographically, not a secret anyone can copy. Now a request either proves it is the car it claims to be, or it has no authority at all — before a single detection rule runs. Detection stops being the last line of defense and becomes a bonus.

That identity already has a home on the network you run: an address. Here is how the car's own key becomes an address no one can forge.

The key already in the car becomes an address only that car can prove.

Whisper has one primitive: the address is the identity. A routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with dig.

Point it at the car. Derive each vehicle's — or each ECU's — /128 from the hardware key it already holds: the secure element, the TPM, the IEEE 802.1AR IDevID, with the VIN or ECU serial as the domain separator. The private key never leaves the secure element; the address is a one-way function of its public half and the VIN. The V2C backend then authorizes on the car's pinned identity, not a stealable token — no bespoke CA trust store to push to every vehicle, and revocation at DNS-TTL speed instead of CRL/OCSP soft-fail.

Secure element / TPM IEEE 802.1AR IDevID key never leaves the chip private key sealed public key + VIN /128 2a04:2a01:…::c0de routable identity DNSSEC + DANE-EE A name anyone can verify whisper verify --trustless our API not in the trust path op:revoke → gone worldwide at DNS-TTL
State-changing commands terminate mutually-authenticated to the target car's /128 — the car co-signs — so a portal session can't reach a VIN it can't cryptographically address. One leaf key per identity; never a shared root.

"1 IP → thousands of cars" becomes physically impossible

You cannot present thousands of car-identities whose keys you don't hold. Every forgery is a DNSSEC/DANE inconsistency any verifier catches.

IP rotation becomes irrelevant

Identity is not the source IP. The "last IP" was never the credential — so rotating it, across clouds or residential proxies, changes nothing.

Stolen sessions fail

The aggregator's server doesn't hold the car's per-/128 leaf key. A valid-looking token with no key behind it authenticates to nothing.

One revoke kills a compromised car worldwide

At DNS-TTL speed: dig -x returns nothing; verify returns false. No fleet-wide password reset, no CRL you hope every car fetched.

"A leaked API key or a valid dealer-portal session looks legitimate — how do you catch abuse that passes auth?"

You bind authority to the car, not the bearer. State-changing fleet commands terminate mutually-authenticated to the target car's /128 — the car co-signs — so a dealer or owner session can't reach a VIN it can't cryptographically address. A request that passes auth but can't prove the identity never had authority in the first place. BOLA/IDOR and mass-assignment lose their leverage: elevating to any account no longer reaches any car.

Attaches to what you already ship — it does not replace it. Whisper complements the anchors you already trust — 802.1AR IDevID/LDevID (the silicon birth certificate), SCMS for V2X, ISO 15118 Plug & Charge, TPM/HSM/eSIM. It is the publicly verifiable, DNSSEC/DANE-anchored layer on top — the missing cryptographic counterpart to the identifiers you already stamp.
A near-literal drop-in for how the SDV already addresses services. In COVESA uProtocol (Eclipse SDV) a service's UUri authority-name is, by spec, a domain name, a VIN or an IPv6 address — so a Whisper name or /128 slots straight in, with DANE anchoring the transport binding (Zenoh, SOME/IP, MQTT or HTTP). The same DANE pin anchors an AUTOSAR Adaptive gateway's SOME/IP-over-TLS or DDS-Security endpoint cert, and an ISO 20078 Extended-Vehicle / neutral-server offering's TLS — where a per-vehicle name becomes a stable ExVe resource id the authorized third parties the EU Data Act forces you to open to can resolve and verify. Proposed integrations at the IP and cloud boundary; Whisper never reaches into the SecOC bus authenticator or the charging handshake.
The VIN is the public index — the /128 is its cryptographic counterpart. The VIN is guessable and on the windshield; that's what the attacker weaponizes. But the /128 is bound to the device's key as well as the VIN — so VIN alone yields nothing. You cannot go VIN → /128 without the key, there is no enumerable directory, and RDAP/reverse-DNS return the registry object, never the car's whereabouts.
Lifecycle, end to end. Factory IDevID burn → in-life authorization → incident revoke. An ECU swap or dealer module replacement re-keys to a new /128 and revokes the old one; a legitimate resale or decommission is one revoke and a re-register to the new owner. Compromise one ECU and you've compromised that ECU, not the fleet — the DigiNotar failure mode is structurally removed.

Maps to UN R155 (CSMS), R156 (SUMS), ISO/SAE 21434, the EU Data Act (in force since 12 Sep 2025 — verifiable per-party identity is how you draw the authorized-user-vs-unauthorized-aggregator line) and GDPR. Know, attribute and revoke every component — delivered as a network primitive, not a compliance binder.

Identity stops the next forgery. The graph names whoever already scraped you.

You won't re-key the whole fleet by Monday, and there is abuse in your logs right now. So the same platform back-traces the operator behind the sessions you already logged — attribution that survives the rotation, because it fingerprints the operator and the tooling, not the ephemeral egress IP.

The answer — the graph, not another rate-limit

A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — fingerprints the operator, not the IP. Two levers, kept honestly separate: for cloud rotation the graph clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy; for a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a JA4/JA3 client fingerprint travels with the tooling regardless of the exit and collapses the swarm to one operator.

And it's a question, not a signature. Express fleet enumeration directly — "one source touching N distinct vehicle-identities in a window" — as read-only Cypher, and the graph returns the operator with a reproducible evidence chain your VSOC, your PSIRT, your auditors and a regulator can replay. That's business-logic and VIN-enumeration abuse caught by its shape across the fleet, not by a pattern you had to know in advance.

what your VSOC sees — a rotating, meaningless “last IP” Aggregator stolen sessions AWS eu-central 3.68.x.x GCP europe-w4 34.90.x.x Azure westeu 20.61.x.x residential-proxy swarm 71.x · Comcast 82.x · KPN 99.x · Orange JA4-identical tooling infra genealogy JA4 fingerprint One operator ASN + hosting genealogy + JA4 / JA3 fingerprint evidence chain → your SIEM what the graph sees — one operator
Attribution survives rotation because it tracks the infrastructure and the tooling, not the ephemeral egress IP. The one thing we never rely on is the last IP.
fleet enumeration as a query, not a signature
# ask the graph the business-logic question directly — read-only Cypher over the public graph API
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"MATCH (src)-[t:TOUCHED]->(v:VehicleIdentity)
    WHERE t.window = \"15m\" WITH src, count(DISTINCT v) AS vins
    WHERE vins > 50 RETURN src, vins ORDER BY vins DESC"}'
  operator <fingerprinted>   1 source → 3,412 distinct VINs / 15m
  egress:  AWS eu-central → GCP europe-w4 → Azure westeu   (collapsed to 1)
  ja4:     same tooling across 41 residential exits → 1 operator
  reproducible, replayable JSON evidence chain → your SIEM

"When they rotate residential proxies and fresh cloud IPs, can you actually attribute them — or just rate-limit an IP and move on?"

Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on — so the rotation that hides them from your VSOC is exactly what the graph reads through.

The verbs your analysts run (or your agent runs for them): identify(ip) (who really operates a host, even behind a CDN) · origins(prefix) + walk(node,depth) (cluster rotating IPs into one genealogy) · history / watch (a timeline and a standing sentinel over a suspect operator). Every answer is reproducible, replayable JSON: the GDPR and EU-Data-Act paper trail for an unauthorized-aggregator finding, not a screenshot.

Identity is the cure; the graph is how you clean up what got in before it, and catch the operator who tries anyway. Detection made durable, on top of a root-cause fix.

Additive to your VSOC. Mapped to your standards. Priced so you can say yes.

Your behavioral VSOC tells you that a fleet API is abused, at the app layer inside your own cloud — necessary, and where that picture stops. Whisper adds the two layers no one else owns: attribution across rotating clouds, and forge-proof identity after auth. It's depth on top of the stack you already run — not a console your analysts babysit.

Behavioral VSOCWhisper
Detect API abuse in your cloud (BOLA, business-logic)additive feed
Attribute the operator across rotating clouds / residential proxies
Forge-proof per-car / per-agent identity after auth

Feeds your SIEM and PSIRT

The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings arrive as signed, replayable JSON mapped to CEF and ECS fields — with STIX 2.1 over TAXII export on the roadmap — that you can hand a regulator or push straight into a PSIRT workflow.

Speaks your compliance language

Maps to UN R155 / R156 and ISO/SAE 21434 evidence, and to the Auto-ISAC Automotive Threat Matrix — findings tagged to ATM tactics and techniques, with the ATM's machine-readable JSON export on the roadmap for sharing straight to Auto-ISAC and your peers. Usable in TARA, cybersecurity interface agreements and type approval.

Flat pricing, real ROI

Per-VIN/year and flat — not per-transaction, not usage-metered — a line item you can forecast against 40-billion-API-call-a-month economics. ROI is concrete: analyst-hours saved chasing disposable IPs, warranty and recall exposure reduced, one revoke instead of a fleet-wide reset. See pricing →

Safe in your auth path

It rides on top of the X.509 device-cert mTLS your connected-vehicle cloud already runs — AWS IoT Core, Azure Event-Grid MQTT, Google Cloud — anchoring that same identity in public DNSSEC/DANE rather than replacing your vendor's mTLS, so a regulator or peer can verify a car outside that cloud's tenancy. And it's built to fail open: a Whisper outage never bricks a car — checks degrade to your existing anchors and connectivity is preserved. Anycast on AS219419, no single node in the path.

On-prem or your own tenant

Data residency and GDPR by construction — the graph and the per-agent logs stay where your regulator needs them. No whole-fleet telematics leaving your boundary to a third party you never contracted.

A vendor that will still be here

Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Auto-security startups fail — one raised ~$60M and folded; we built infrastructure to outlast that question. POC → pilot → enterprise, keyless to start.

See the full comparison →

Don't take our word for it — our API isn't in the trust path.

Two tiers, by design. No key: anyone can verify a car's identity and resolve it — trustless, anchored at the IANA root. Your key: back-trace a suspicious host on the graph, register a vehicle, govern its agents, revoke it worldwide.

verify (no key) · attribute (your key)
# keyless — re-derive and verify any car's identity, trustless
$ whisper verify --trustless 2a04:2a01:1c0::c0de
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the identity's key
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — and our own API was never trusted

# the address is the car — reverse DNS names it
$ dig -x 2a04:2a01:1c0::c0de +short
  vin-wvwzzz1kz.fleet.example-oem.whisper.online.

# who really operates a suspicious host — with your key, via the public graph API
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
provision & govern — with your key
# give a car a name it can prove, and govern its agents
$ export WHISPER_API_KEY=whisper_live_xxx
$ whisper register --vin WVW… --from-idevid
  → identity 2a04:2a01:1c0::c0de   DNSSEC + DANE live
$ whisper policy set --default deny --allow api.oem.com,ota.oem.com
$ whisper revoke 2a04:2a01:1c0::c0de   # worldwide, at DNS-TTL

Give every car an identity it can prove.

The address is the car — routable, DNSSEC-anchored, revocable worldwide in one call. Keyless to try, one call to provision, one more to revoke. The fleet-API abuse that no rate-limit ever caught simply runs out of forgeries.

Or run whisper verify --trustless right now.