A recent investigation into DeepSeek's mobile application for the Apple iOS operating system revealed glaring security issues, the most obvious being that it sends sensitive information over the internet without any encryption, exposing it to interception and manipulation attacks.
The findings come from NowSecure, which also found that the app violates security best practices and collects a lot of user and device data.
Some mobile app registration and device data are sent over the Internet without encryption, according to the company. This leaves any data in that traffic vulnerable to both passive and active attacks.
Additionally, the analysis revealed a number of implementation flaws in how the app encrypts user data. This includes the use of , a hard-coded encryption key, and an insecure symmetric encryption algorithm ( ).
Additionally, the data is sent to servers run by ByteDance, the Chinese company that also runs TikTok, on a cloud computing and storage platform called .
According to NowSecure, the DeepSeek iOS app globally turns off App Transport Security (ATS), an iOS platform-level security feature that prevents sensitive data from being sent over unencrypted channels. "Since this protection is disabled, the app can (and does) send unencrypted data over the internet."
The findings add to a list of concerns raised about the artificial intelligence (AI) chatbot service, even as it soared to the top of the app store charts on both Android and iOS in a number of countries around the world.
Cybersecurity firm Check Point reported finding instances of threat actors using AI engines from DeepSeek, along with Alibaba Qwen and OpenAI ChatGPT, to create information stealers, generate unrestricted or unfiltered content, and optimize scripts for bulk email distribution.
As threat actors use advanced techniques like jailbreaking to bypass protective measures and develop info stealers, carry out financial theft, and distribute spam, organizations need to implement proactive defenses against these growing threats to guard against possible misuse of AI technologies, according to the company.
The Associated Press reported earlier this week that DeepSeek's website is set up to send user login data to China Mobile, a state-owned telecommunications firm that has been prohibited from operating in the United States.
The app's Chinese links, much like , have prompted U.S. legislators to push for nationwide restrictions on DeepSeek on federal devices over risks that it could provide user information to Beijing.
It's worth noting that many countries, including , , , , and , as well as government organizations in India and the United States, such as Congress, NASA, the Navy, the Pentagon, and Texas, have instituted restrictions on DeepSeek on government devices.
The rise in popularity of DeepSeek has also left the company contending with malicious attacks, according to Chinese cybersecurity firm XLab, which told Global Times that Mirai botnet and had been conducting persistent distributed denial-of-service (DDoS) attacks in the past few months.
Fraudsters are taking advantage of the excitement surrounding DeepSeek by creating fake websites that deliver trojans, as well as phony investment schemes and phony cryptocurrency schemes.