It’s rare to see an MVNO thread get into the weeds of the mobile core, but as a Full MVNO, Cape is essentially running its own sovereign telco infrastructure. From an outside perspective, they are definitely among the few who are treating the signaling plane with the proper level of scrutiny (they built their own signalling firewall) But even with a proprietary core and a signaling firewall, Cape is still an island in a sea of legacy protocols and peer MNOs with different intentions...

I'd be interested to see how they are hardening the IMS (IP Multimedia Subsystem) and VoLTE/VoWifi stack. SIP signaling and RTP streams for voice are often unencrypted internally.

If Cape is applying their 'Network Lock' logic to the IMS layer, they could potentially mitigate SIP-level spoofing and voice interception that occurs at the interconnect. Their 'Encrypted Voicemail' (using asymmetric keys on the device) is a strong signal that they understand the 'Last Mile' problem.

Also even if SEPPs are not really a thing, i'd be curious to know if they've started looking at this.

In the small world of telco security (disclaimer i work for P1Security), they are definitely working in the right direction. Any international ambition, particularly in EU, will be a tough sell though....