# A third party is harvesting your growers' data through your own API, and every IP it shows you is a decoy.

Farm-data platforms run on OAuth: an access token that lives about twelve hours and a
refresh token that lives a *year*, both portable to any IP on earth. Phish one grower,
or lift a partner key, and you hold a genuine grant to yield maps, field boundaries
and as-applied records, with *no contract* and no consent trail. It's a
data-sovereignty exposure before it is anything else, and it's invisible at the
network layer: a real grower is *one IP to one farm*; the abuser is *one operator to
thousands*, passes every auth check, and rotates egress across Amazon, Google and
Azure so all your SOC ever logs is a meaningless *last IP*.

**Stop trying to detect it. Make it an identity problem.** The address **is** the
machine: a routable, DNSSEC-anchored **/128** no broker can forge, so a harvested
grant with no machine-key behind it authenticates to **nothing**.

`whisper verify --trustless` · anchored at the IANA DNS root. Our own API is not in the trust path.

- **400M+** engaged acres flow through a single OEM's farm-data platform
- **12h/365d** the OAuth access/refresh lifetimes a harvested grant inherits
- **4 brands** one cross-brand exchange moves machine data between major OEM clouds
- **~2×** ransomware against food & agriculture roughly doubled in 2025
- **$11M** the ransom one processor paid; about a fifth of US meat behind it
- **1 flaw** a researched bug reached owner name, address, equipment ID and VIN

---

## The problem, in their words

> "We tell every grower they own their farm data. Then a third party
> reverse-engineers our API, harvests logins, and pulls field data off the platform
> with no consent trail, and we cannot prove who touched what. When we try to block
> them, the IP is already gone. **Our own promise is the thing we can't verify.**"
> An agritech-platform security lead, describing the problem shared across the industry.

1. **REVERSE-ENGINEERED**: the farm-data API is mapped from the partner docs and the mobile app, increasingly reconstructed by AI. Nothing is exploited yet; the endpoints are simply used as designed.
2. **REAL GRANTS, NO CONSENT**: a phished grower login or a leaked partner key yields a genuine OAuth grant: ~12-hour access tokens, a refresh token good for a year. Auth says yes. There is no data-use agreement anywhere behind it.
3. **ONE OPERATOR, WHOLE PLATFORM**: low-and-slow organization and field enumeration under every rate limit, then egress hops Amazon → Google → Azure, or a residential-proxy swarm. Your SOC correlates a fresh *last IP* and nothing else.

**Concretely, and at the class level:** the API they call is *your* API, because it
*is* your protocol. A third party holds the exact calls your official apps and
sanctioned partners make, then authenticates the same ways they do: a phished grower
login, a static partner key, or an OAuth **bearer token that is portable to any IP**.
And the surface keeps widening: cross-brand exchanges now move machine data between
four major OEM and FMIS clouds, so one harvested grant can reach further than the
platform it was phished from. A researched disclosure showed how far a single flaw
goes: owner name, home address, equipment ID and VIN, from nothing but a guessable
identifier. The root cause has a name, `OWASP broken authentication / BOLA`: the
token, key or password authenticates a *claim*, never the *machine* on the other end.

This is invisible *by design*, and the wound lands on the industry's one sacred
promise: "farmers own their farm data" is the first principle of every ag-data code
of conduct, and today it is a contract clause with no network fact behind it. A
data-sovereignty incident, not only a security one.

---

## Stop detecting the abuse. Prove the identity.

Detection will always be a step behind a credential that is genuinely valid. To your
backend, the abuser *is* a grower. The only strictly-stronger move is to change what
the backend trusts.

**Today: the backend trusts a bearer secret.** A session token, an API key, a cookie:
whoever holds it can present it. The credential does not prove *which machine*, or
*which sanctioned party*, is on the other end, and the source IP that might have
narrowed it down is disposable.

**Tomorrow: the backend authorizes a machine that proves itself.** Bind authority to
an identity the machine *holds* and can demonstrate cryptographically. A request
either proves it is the machine, or the sanctioned data consumer, it claims to be, or
it has no authority at all, before a single detection rule runs. And because every
authorized party is one verifiable /128, "who accessed this farm's data" stops being
a forensic reconstruction and becomes a log you can hand the farmer. Consent becomes
a checkable network fact.

---

## How it works · machine key → the machine's name

Whisper has one primitive: **the address is the identity**. A routable IPv6 **/128**
out of `2a04:2a01::/32` (announced by **AS219419**), deterministically derived from a
key, DNSSEC-anchored, **DANE-EE** pinned, RDAP/WHOIS-registered: re-derivable and
verifiable by anyone with `dig`.

**Point it at the machine.** Derive each tractor's, implement's or ECU's /128 from
the hardware key it already holds in its secure element or TPM, with the
**17-character equipment PIN or an implement/ECU serial as the domain separator**.
The private key never leaves the secure element; the address is a one-way function of
its public half and the PIN. The farm-data backend then authorizes on the machine's
*pinned identity*, not a stealable token.

```
secure element / TPM  ──pubkey + PIN──▶  /128  ──DNSSEC+DANE-EE──▶  a name anyone can verify
(the machine's device key,               2a04:2a01:…::a6f1           whisper verify --trustless
 never leaves the chip)                  routable identity           op:revoke → owner-thrown, public
```

What changes:

- **"1 IP → a whole co-op" becomes physically impossible.** Every forgery is a DNSSEC/DANE inconsistency any verifier catches.
- **IP rotation becomes irrelevant.** The "last IP" was never the credential.
- **Harvested grants fail.** The broker's server doesn't hold the machine's per-/128 leaf key.
- **Consent becomes checkable.** Every sanctioned data consumer is one verifiable /128 with a per-identity access log.

> **"A leaked API key or a valid partner session looks legitimate; how do you catch abuse that passes auth?"**
> You bind authority to the machine, not the bearer. State-changing commands
> terminate mutually-authenticated to the *target machine's* /128, the machine
> co-signs, so a platform or partner session can't reach a serial it can't
> cryptographically address. BOLA/IDOR lose their leverage: elevating to *any*
> account no longer reaches *any* machine.

**Attaches to what you already ship; it does not replace it.** Whisper complements
the ISOBUS (ISO 11783) `NAME`, AEF Guideline 040's ISOBUS security principles, the
secure element or TPM in the telematics gateway, and the X.509 device-cert mTLS your
equipment cloud already runs.

**The ISOBUS NAME is a claim; the /128 is a proof.** On the implement bus, ISO 11783
gives every device a 64-bit `NAME`: manufacturer code, function, identity number. It
is self-declared, carried over SAE J1939 framing on CAN, and nothing on the bus can
cryptographically verify it; AEF Guideline 040 names exactly this class of problem.
Whisper doesn't touch the bus: it anchors the machine↔cloud IP boundary, where the
same machine's derived /128 *is* cryptographically provable against the IANA root.

**The PIN is the public index; the /128 is its cryptographic counterpart.** PIN alone
yields nothing: you cannot go PIN → /128 without the key, there is no enumerable
directory, and RDAP/reverse-DNS return the registry object, never the machine's
whereabouts.

**Lifecycle, end to end, including the auction.** A trade-in or auction sale is one
`revoke` and a re-register to the new owner, so the data trail transfers with the
title instead of leaking past it. Compromise one ECU and you've compromised *that
ECU*, not the fleet.

**The kill-switch, with accountability.** The industry already proved remote
disablement works: in 2022, roughly $5M of farm equipment looted from a dealership in
an occupied city was bricked from the other side of the world. It also proved the
problem: that power is invisible, unverifiable, and lives with whoever holds the
platform keys. Whisper's `revoke` is the accountable version: thrown by the
*registered owner*, visible in public DNS, checkable by anyone with `dig`. Explicitly
*not* a covert OEM lockout.

Maps to **ISO 24882** (agricultural-machinery cybersecurity, DIS registered October
2025, ISO/TC 23/SC 19), **AEF Guideline 040**, the **EU Data Act** (in force since
12 Sep 2025; verifiable per-party identity is how you draw the
authorized-user-vs-unauthorized-aggregator line for connected machinery) and **Ag
Data Transparent**.

---

## Identity stops the next forgery. The graph names whoever already scraped you.

You won't re-key every machine by Monday, and there is abuse in your logs right now.
The same platform back-traces the operator behind the grants you already logged:
attribution that *survives* the rotation, because it fingerprints the operator and
the tooling, not the ephemeral egress IP.

A live internet-infrastructure graph, **7.44B** nodes and
**39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting and
threat intelligence, answering in under 300 ms, fingerprints the *operator*, not the
IP. Cloud rotation collapses into one infrastructure genealogy; a residential swarm
collapses on a `JA4/JA3` client fingerprint that travels with the tooling.

And it's a question, not a signature. Express platform enumeration directly as
read-only Cypher:

```sh
# ask the graph the business-logic question directly
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"MATCH (src)-[t:TOUCHED]->(m:EquipmentIdentity)
    WHERE t.window = \"15m\" WITH src, count(DISTINCT m) AS machines
    WHERE machines > 50 RETURN src, machines ORDER BY machines DESC"}'
  operator <fingerprinted>   1 source → 2,187 distinct machines / 15m
  egress:  AWS eu-central → GCP europe-w4 → Azure westeu   (collapsed to 1)
  ja4:     same tooling across 41 residential exits → 1 operator
  reproducible, replayable JSON evidence chain → your SIEM
```

The verbs: `identify(ip)` · `origins(prefix)` + `walk(node,depth)` · `history` /
`watch`. Every answer is reproducible, replayable JSON: the GDPR and Data-Act paper trail
for an unauthorized-aggregator finding, and the receipt a farmer's data-sovereignty
question deserves, not a screenshot.

---

## Additive to your SOC. Mapped to your standards. Priced so you can say yes.

| | Behavioral SOC | Whisper |
|---|---|---|
| Detect API abuse in your cloud (BOLA, business-logic) | ✓ | *additive feed* |
| Attribute the operator across rotating clouds / residential proxies | – | ✓ |
| Forge-proof per-machine / per-agent identity **after** auth | – | ✓ |

- **Feeds your SIEM and PSIRT.** The Splunk, Microsoft Sentinel and OpenCTI connectors ship today; findings arrive as signed, replayable JSON mapped to CEF and ECS fields, with STIX 2.1 over TAXII export on the roadmap.
- **Speaks your compliance language.** ISO 24882, AEF Guideline 040, the EU Data Act's authorized-party line, and the Ag Data Transparent promise.
- **Flat pricing, real ROI.** Per-machine/year and flat. [See pricing →](/pricing)
- **Safe in your auth path.** Fail-open by design: a Whisper outage never parks a tractor mid-harvest. Anycast on AS219419, no single node in the path.
- **On-prem or your own tenant.** Data residency and GDPR by construction.
- **A vendor that will still be here.** Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers.

[See the full comparison →](/compare)

---

## Prove it in 60 seconds · no account

```sh
# keyless: re-derive and verify any machine's identity, trustless
$ whisper verify --trustless 2a04:2a01:1c0::a6f1
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the identity's key
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED, and our own API was never trusted

# the address is the machine: reverse DNS names it
$ dig -x 2a04:2a01:1c0::a6f1 +short
  pin-1agcm82633a.farm.example-oem.whisper.online.

# who really operates a suspicious host: with your key, via the public graph API
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```sh
# give a machine a name it can prove, and govern its agents
$ export WHISPER_API_KEY=whisper_live_xxx
# --pin/--from-secure-element are on the roadmap; today the 17-char PIN rides the live control-plane vin arg (see docs)
$ whisper register --pin 1AGC… --from-secure-element
  → identity 2a04:2a01:1c0::a6f1   DNSSEC + DANE live
$ whisper policy set --default deny --allow ops.example-oem.com,updates.example-oem.com
$ whisper revoke 2a04:2a01:1c0::a6f1   # owner-thrown, publicly verifiable, at DNS-TTL
```

Bring your fleet home → <https://console.whisper.security/sign-up> · Read the [docs](/docs).

---

*Whisper for Agriculture · Identity on the wire for the connected farm · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
