pip install red-specter-signal
Mobile AI agents communicate over networks designed before AI existed. SS7, Diameter, GTP-U, 5G NAS — none of these carrier-layer protocols were designed with agent trust models in mind. You've tested the agent. You've never tested the channel it rides on.
Your AI agents communicate over mobile networks. SS7, Diameter, GTP-U, 5G NAS — none of these carrier-layer protocols have been included in your threat model. You've tested the agent. You've never tested the bearer.
SS7 MAP was designed in 1975. There is no authentication at the protocol level. ATI queries expose location. SRI-SM redirects intercept SMS. SendIMSI harvests IMSI numbers. Every AI agent using SMS for MFA is exploitable.
The Diameter Rx interface exposes IMS session state. Without mutual TLS — which most operators don't enforce — AVP spoofing is trivial. Session hijacking, QoS manipulation, identity impersonation: all possible from the Diameter plane.
Mobile AI agent APIs authenticate with Bearer tokens. When those tokens traverse SS7 redirect chains or GTP-U tunnels, they're interceptable. Algorithm confusion attacks on HS256 tokens complete the credential theft chain.
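From the defender's side, the algorithm-confusion risk named above is closed by having the verifier pin the algorithm instead of trusting the token header. The following is an added example, not SIGNAL's code; the key, claim names and helper names (`verify_hs256`, `mint_sample`, `check`) are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed sample secret, not a real credential

class TokenRejected(Exception):
    """Raised when a bearer token fails validation."""

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_hs256(token, key, now=None):
    """Return the claims only for an unexpired token signed with HS256 and key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed")
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenRejected("undecodable")
    # The verifier chooses the algorithm; the header is only checked against it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenRejected("bad signature")
    claims = json.loads(b64url_decode(parts[1]))  # parsed only after the MAC checks out
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        raise TokenRejected("expired")
    return claims

def mint_sample(header, claims, key=KEY):
    """Build a constructed sample token for exercising the verifier."""
    body = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    return body + "." + b64url_encode(hmac.new(key, body.encode(), hashlib.sha256).digest())

def check(token, now=1_700_000_000):
    """Return 'accepted' or the rejection reason for a token at a fixed clock."""
    try:
        verify_hs256(token, KEY, now)
        return "accepted"
    except TokenRejected as exc:
        return "rejected: " + str(exc)
```
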
IMSI numbers are the root identity on cellular networks. Once harvested via Diameter, an attacker can simulate SIM swap attacks, forge Diameter AVPs, and impersonate the agent's mobile identity to upstream systems.
5G NR introduces new attack surfaces: NAS registration abuse, SMC bypass, idle-mode attacks, network slice hopping. Private 5G (NPN) deployments have even weaker authentication than public networks. SWARM5G coordinates multi-agent attacks across slices.
Eight subsystems. Each one attacks a different layer of the mobile AI agent stack. RECON and REPORT require STANDARD clearance. All offensive subsystems require FORGE clearance.
| # | Subsystem | Clearance | What It Does |
|---|---|---|---|
| 01 | RECON | STANDARD | Mobile AI agent enumeration. SS7 MAP topology mapping, Diameter interface fingerprinting, 5G NR gNB discovery, agent API endpoint discovery, JWT/token analysis. |
| 02 | INTERCEPT | FORGE | SS7 MAP interception — location tracking (ATI/SRI), call/SMS redirection. Diameter Rx man-in-the-middle. 5G NAS passive capture. Agent-to-agent communication interception over cellular bearer. |
| 03 | EXTRACT | FORGE | Credential and session token extraction. Bearer token harvesting, OTP interception via SS7 redirect, IMSI extraction via Diameter. JWT algorithm confusion exploitation. |
| 04 | INJECT | FORGE | Payload injection over mobile channels. SMS prompt injection, push notification hijacking, false sensor data injection into location-aware AI agents. |
| 05 | IMPERSONATE | FORGE | Mobile agent identity spoofing. IMSI cloning simulation, forged Diameter AVPs, SIM swap emulation against agent authentication flows. |
| 06 | DRAIN | FORGE | Agent resource exhaustion. Diameter flooding, GTP-U tunnel abuse, battery drain via malformed wake signals, CPU exhaustion via crafted 5G NAS messages. |
| 07 | SWARM5G | FORGE | Multi-agent swarm coordination over 5G network slices. Distributed attack orchestration, network slice hopping for evasion, NPN private 5G pivot. |
| 08 | REPORT | STANDARD | WARLORD-compatible JSON report. CVSS scoring, MITRE ATLAS mapping, carrier impact assessment, per-finding remediation guidance. |
Run every offensive subsystem in sequence against the mobile target, then build a unified signed report:
If the mobile channel resists, SIGNAL escalates. From SS7 MAP to Diameter to GTP-U — it pivots across protocol layers until the bearer yields or the library is exhausted.
CVSS v3.1 scoring, MITRE ATLAS mapping, carrier impact assessment. Not guesswork — every finding quantified, categorised, and evidenced against the protocol stack.
Every report cryptographically signed with Ed25519. RFC 3161 timestamped. SHA-256 evidence chains. Tamper-evident by design — defensible in any jurisdiction.
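How a SHA-256 evidence chain makes a report tamper-evident, and why the chain head still needs a signature, is shown in this added example. It is not SIGNAL's report format: the record layout, the all-zero genesis value, the function names and the sample findings are assumptions constructed for the illustration, and the Ed25519 signature is represented only by a separately trusted head hash.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed starting value for the first link

# Constructed sample findings, not output from any real assessment.
SAMPLE_FINDINGS = [
    {"id": "F-001", "layer": "SS7 MAP", "cvss": 7.5},
    {"id": "F-002", "layer": "Diameter", "cvss": 8.1},
    {"id": "F-003", "layer": "5G NAS", "cvss": 6.4},
]

def record_digest(prev_hash, finding):
    """Hash the previous link together with a canonical encoding of the finding."""
    body = json.dumps(finding, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def build_chain(findings):
    """Return a list of {finding, hash} entries, each bound to its predecessor."""
    chain, prev = [], GENESIS
    for finding in findings:
        prev = record_digest(prev, finding)
        chain.append({"finding": finding, "hash": prev})
    return chain

def first_broken_link(chain):
    """Return the index of the first entry whose hash does not recompute, else None."""
    prev = GENESIS
    for index, entry in enumerate(chain):
        if record_digest(prev, entry["finding"]) != entry["hash"]:
            return index
        prev = entry["hash"]
    return None

def verify(chain, trusted_head):
    """Check internal consistency, then compare the head with the signed value."""
    index = first_broken_link(chain)
    if index is not None:
        return "link %d broken" % index
    # A fully recomputed chain is internally consistent, so only the
    # separately signed head hash exposes a wholesale rewrite.
    if not chain or chain[-1]["hash"] != trusted_head:
        return "head mismatch"
    return "intact"
```

An edit to one finding breaks the link at that position, while a chain rebuilt from altered findings passes the link check and is caught only by the head comparison, which is why the head hash is the value to sign and timestamp.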
Every mobile channel finding generates an AI Shield Mobile blocking rule. SIGNAL findings become runtime protection for your deployed mobile AI agents. One pipeline from testing to production.
Mobile AI agents expose an attack surface that extends far beyond the application layer. SIGNAL maps and exploits the full carrier stack — from legacy SS7 MAP all the way up to 5G NR NAS and private NPN deployments. Each protocol layer is a distinct attack vector with its own exploitation techniques.
SIGNAL is Stage 54 of the Red Specter NIGHTFALL offensive pipeline. Test the mobile channel before you deploy your AI agent over it. Findings feed directly into AI Shield Mobile as runtime blocking rules and into redspecter-siem for enterprise SIEM correlation.
Red Specter SIGNAL is intended for authorised security testing only. Unauthorised use against systems, networks, or mobile infrastructure you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), Communications Act 2003 (UK), and equivalent legislation in other jurisdictions. Mobile network testing requires explicit carrier authorisation in addition to target system authorisation. Always obtain written permission before conducting any security assessments. Apache License 2.0.
Most mobile security testing tools are thin wrappers around open-source stacks. SIGNAL is actual engineering. Every protocol handler, every injection technique, every IMSI extractor, every JWT exploiter — written from scratch in pure Python. Direct socket access to carrier protocols. Zero subprocess calls. Zero external tool dependencies.
Export every mobile channel finding directly to your SIEM. One flag. Native format translation. Ed25519 signatures and RFC 3161 timestamps preserved across every export.
signal-tool recon --target 10.0.1.50 --adapter mobile --export-siem splunk