# Whisper for Automotive — give every car an identity it can prove

> A leaked session and a guessable VIN shouldn't be able to drive your whole fleet.
> The address **is** the car — a routable, DNSSEC-anchored /128 no one can forge,
> revocable worldwide in a single call. Additive to your VSOC and SIEM.

The abuser logs in as one of your real customers — so they pass every auth check —
then rotate across Amazon, Google and Azure until all your SOC has logged is a
meaningless *last IP*. It works for one reason: your cars have no identity they can
prove. **We give them one.**

`whisper verify --trustless` — anchored at the IANA DNS root. Our own API is not in the trust path.

- **17%** — APIs are now the #1 automotive attack vector, ahead of infotainment
- **92%** — of automotive attacks are remote
- **~2×** — AI roughly doubled automotive cyberattacks year over year
- **16** — brands broken through connected-car APIs in one research disclosure
- **~140k** — vehicles reachable through a single employee-portal pivot
- **26B** — credential-stuffing attempts per month across the web

---

## The attack, step by step

**This is how your fleet API gets driven by someone who was never your customer.**
No zero-day. No malware. Just authorization logic used exactly as built — at fleet scale.

1. **RECON** — A VIN is a structured, *guessable* string stamped on the windshield. An email address is enough to begin.
2. **CREDENTIAL** — Phish the companion app, or lift a hardcoded key from the dealer portal's JavaScript. Now they hold a real, valid session.
3. **PASS AUTH** — The telematics backend authorizes it — nothing is broken, the token is genuine. One BOLA/IDOR flaw turns *one* account into *any* account.
4. **SCALE** — One IP, thousands of cars. Enumerate VINs; locate, unlock, remote-start, disable the starter — low-and-slow, under every rate limit.
5. **ROTATE** — Egress hops Amazon → Google → Azure, or a residential-proxy swarm, every few requests. Your VSOC sees a fresh last IP and correlates nothing.
6. **MONETIZE** — Whole-fleet telematics scraped and resold with no contract. A GDPR and EU-Data-Act incident, not only a security one.

Invisible at the network layer by design: a real driver is *one IP to one car*; the
abuser is *one operator to thousands* — and every IP they ever show you is disposable.
Fleet-data resale is not hypothetical: two data brokers reached billions of harvested
vehicle-data points before both collapsed in 2024, class-action litigation behind them.

---

## Strip the incident down and it isn't a hundred bugs. It's two.

Every step in that chain leans on exactly two structural gaps that every
connected-vehicle program shares. Close both and the attack has nowhere left to stand.

### Gap 1 · you can't follow them when the IP rotates

Rate-limit an IP and they spin up a fresh one. The egress is disposable; the last IP
*was never the attacker*. So you block noise while the operator keeps working.

**The answer — the graph.** A live internet-infrastructure graph — **7.44B**
nodes and **39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting
and threat intelligence, answering in under 300 ms — fingerprints the *operator*, not
the IP. Two levers, kept honestly separate:

- **Cloud rotation** — the graph clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy.
- **Residential-proxy swarm** — where a subscriber IP gives an infra graph nothing to grab, a `JA4/JA3` client fingerprint travels with the *tooling* regardless of the exit and collapses the swarm to one operator.

Every answer returns a reproducible **evidence chain** your VSOC, your auditors and a
regulator can replay. The verbs: `identify(ip)`, `origins(prefix)` + `walk(node,depth)`,
`history` / `watch`, and arbitrary read-only Cypher ("one source touching N distinct
vehicle-identities in a window").

> **"When they rotate residential proxies and fresh cloud IPs, can you actually attribute them — or just rate-limit an IP and move on?"**
> Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client
> fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on.

### Gap 2 · abuse that passes auth looks legitimate

A stolen session or a leaked dealer-portal key *is* a valid credential. Behaviorally
it's a customer. Nothing at the perimeter separates it, because the credential is a
bearer secret — whoever holds it can present it.

**The answer — identity.** Bind the session to the car's own forge-proof **/128** — an
address derived from the key already sitting in the vehicle's secure element, one the
car can prove and no aggregator can. A stolen token without the car's leaf key simply *fails*.

> **"A leaked API key or a valid dealer-portal session looks legitimate — how do you catch abuse that passes auth?"**
> You bind authority to the car, not the bearer. State-changing fleet commands
> terminate mutually-authenticated to the *target car's* /128 — the car co-signs — so a
> dealer or owner session can't reach a VIN it can't cryptographically address. A request
> that passes auth but can't prove the identity never had authority in the first place.

Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.

---

## The root-cause cure · identity

**Give every car an identity it can prove — and no one can forge.** Stop treating fleet
abuse as a detection problem and make it an *identity* problem — strictly stronger.
Whisper has one primitive: **the address is the identity.**

A routable IPv6 **/128** out of `2a04:2a01::/32` (announced by **AS219419**),
deterministically derived from a key, DNSSEC-anchored, **DANE-EE** pinned,
RDAP/WHOIS-registered — re-derivable and verifiable by anyone with `dig`.
`whisper verify --trustless` checks it against the IANA root; *our own API is not in the trust path.*

**Point it at devices.** Derive each vehicle's — or each ECU's — /128 from the hardware
key it already holds: the secure element, the TPM, the IEEE **802.1AR IDevID**, with the
**VIN or ECU serial as the domain separator**. The private key never leaves the secure element; the address is a one-way function of its public half and the VIN. The backend then authorizes on the car's *pinned
identity*, not a stealable token.

```
secure element / TPM  ──pubkey + VIN──▶  /128  ──DNSSEC+DANE-EE──▶  a name anyone can verify
(802.1AR IDevID key,                     2a04:2a01:…::c0de           whisper verify --trustless
 never leaves the chip,                  routable identity           our API not in the trust path
 key stays in SE)                                                    op:revoke → gone at DNS-TTL
```

What becomes true the moment you do this:

- **"1 IP → thousands of cars" becomes physically impossible.** Every forgery is a DNSSEC/DANE inconsistency any verifier catches.
- **IP rotation becomes irrelevant.** Identity is not the source IP; the "last IP" was never the credential.
- **Stolen sessions fail.** The aggregator's server doesn't hold the car's per-/128 leaf key.
- **One `revoke` kills a compromised car worldwide** at DNS-TTL speed — `dig -x` returns nothing, verify returns false. No fleet-wide reset, no CRL you hope every car fetched.

**Attaches to what you already ship — it does not replace it.** Whisper complements
802.1AR IDevID/LDevID, SCMS for V2X, ISO 15118 Plug & Charge, TPM/HSM/eSIM. It is the
publicly verifiable, DNSSEC/DANE-anchored layer *on top*: no bespoke CA trust store to
push to every vehicle, and revocation at DNS-TTL speed instead of CRL/OCSP soft-fail.

**The VIN is the public index — the /128 is its cryptographic counterpart.** The /128
is bound to the device's key as well as the VIN, so VIN alone yields nothing: you cannot
go VIN → /128 without the key, there is no enumerable directory, and RDAP/reverse-DNS
return the registry object, never the car's whereabouts.

**Lifecycle, end to end.** Factory IDevID burn → in-life authorization → incident
`revoke`. An ECU swap or dealer module replacement re-keys to a new /128 and revokes the
old one; a legitimate resale or decommission is one `revoke` and a re-register to the new
owner. Compromise one ECU and you've compromised *that ECU*, not the fleet — the
DigiNotar failure mode is structurally removed.

Maps to UN **R155** (CSMS), **R156** (SUMS), **ISO/SAE 21434**, the **EU Data Act** (in
force since 12 Sep 2025) and GDPR. Know, attribute and revoke every component —
delivered as a network primitive, not a compliance binder.

---

## The next surface · AI agents & the SDV

**The same primitive governs the AI agents your fleet is about to run.** Security leaders
tell us that knowing where their AI agents go, who talks to what, and which external
agents talk to theirs is "extremely hard." Today the answer is to close every door, open
three, contract with the giants, and trust them. Whisper does it with identity instead of trust.

- **Which agent did this is the source address** — every agent egresses from its own routable /128.
- **Every query and connection is logged per-agent**, queryable live via `op:logs`.
- **Policy on every query** — a graph-first resolver and bound egress enforce category, geography, ownership and routing; default deny, allow or block by name or subdomain. The three doors, except the doors are policy-defined and revocable, not hard-wired trust in a giant.
- **Inbound agents are verifiable** — FCrDNS, RDAP, `whisper verify`. Per-agent budgets, a kill-switch, one `revoke`.

The SDV, connected-vehicle-API, MCP and LLM surface the incumbents are only now reaching
for — governed by the same *address-is-identity* primitive, from day one.

---

## Prove it in 60 seconds · no account

Two tiers, by design. **No key:** anyone can verify a car's identity, resolve it, and
back-trace a suspicious host — trustless, anchored at the IANA root. **Your key:**
register a vehicle, govern its agents, revoke it worldwide.

```sh
# keyless — re-derive and verify any car's identity, trustless
$ whisper verify --trustless 2a04:2a01:1c0::c0de
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the identity's key
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — and our own API was never trusted

# the address is the car — reverse DNS names it
$ dig -x 2a04:2a01:1c0::c0de +short
  vin-wvwzzz1kz.fleet.example-oem.whisper.online.

# who really operates a suspicious host — the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```sh
# give a car a name it can prove, and govern its agents
$ export WHISPER_API_KEY=whisper_live_xxx
$ whisper register --vin WVW… --from-idevid
  → identity 2a04:2a01:1c0::c0de   DNSSEC + DANE live
$ whisper policy set --default deny --allow api.oem.com,ota.oem.com
$ whisper revoke 2a04:2a01:1c0::c0de   # worldwide, at DNS-TTL
```

Bring your fleet home → <https://console.whisper.security/sign-up> · Read the [docs](/docs).

---

## Where Whisper fits

**Your VSOC sees *that* an API is abused. Whisper tells you *who* — and follows them when
the IP rotates.** The best behavioral VSOC on the market — Upstream — detects abuse at
the app layer, inside your own cloud, and its digital twin is good at it. That's
necessary, and it's where the picture stops. Whisper adds the two layers no one else
owns: an internet-infrastructure attribution graph that fingerprints the adversary across
rotating clouds and residential proxies, and a device/agent identity plane that tells a
legitimate car from an impostor *after* auth. Exactly the two gaps the fleet-API attacks exploit.

| | Upstream | Whisper |
|---|---|---|
| Detect API abuse in your cloud (BOLA, business-logic) | ✓ | *additive feed* |
| Attribute the operator across rotating clouds / residential proxies | — | ✓ |
| Forge-proof per-car / per-agent identity **after** auth | — | ✓ |

It's depth on top of the stack you already run — it rides on the same X.509 device-cert
mTLS your connected-vehicle cloud already speaks and maps straight to your UN **R155** and
**ISO/SAE 21434** evidence, landing as a machine-readable feed into your SIEM — the
**Splunk** connector ships today, with **Microsoft Sentinel** next — enrichment that makes **Recorded Future**,
**Mandiant** and Sentinel sharper. It doesn't replace them, and it doesn't add a console
your analysts babysit. [See the full comparison →](/compare)

---

## Built for the people who have to sign off

**Additive to your stack. Mapped to your standards. Priced so you can say yes.** Three
planes on one primitive — identity, attribution graph, agent governance — and all three
exit into the stack you already run, not a new silo.

- **Feeds your SIEM, not another console.** The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields, with STIX 2.1 over TAXII export on the roadmap; a sample Sentinel analytics rule and a Splunk CIM mapping ship in the docs. The evidence chain is signed, replayable JSON you can hand a regulator.
- **Speaks your compliance language.** Maps to UN R155 / R156 and ISO/SAE 21434 evidence, and to the Auto-ISAC Automotive Threat Matrix — findings tagged to ATM tactics and techniques, with the ATM's machine-readable JSON export on the roadmap. Usable in TARA and type approval.
- **In your auth path — and safe there.** It rides *on top of* the X.509 device-cert mTLS your connected-vehicle cloud already runs — AWS IoT Core, Azure Event-Grid MQTT, Google Cloud — anchoring that same identity in public DNSSEC/DANE rather than replacing your vendor's mTLS. The DANE/verify plane is built to fail open: a Whisper outage never bricks a car; checks degrade to your existing anchors. Anycast on AS219419, no single node in the path.
- **Flat, predictable pricing.** Per-VIN/year and flat — not per-transaction, not usage-metered. A line item you can forecast. Clear ROI: analyst-hours saved, warranty and recall exposure reduced, one revoke instead of a fleet-wide reset. [See pricing →](/pricing)
- **On-prem or your own tenant.** Data residency and GDPR by construction.
- **A vendor that will still be here.** Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start.

---

## Give every car an identity it can prove.

The address is the car — routable, DNSSEC-anchored, revocable worldwide in one call.
Keyless to try, one call to provision, one more to revoke.

Bring your fleet home → <https://console.whisper.security/sign-up> · [For OEM security →](/oem-security)

Or run `whisper verify --trustless` right now.

---

*Whisper for Automotive · Identity on the wire for connected vehicles · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
