DeepSeek App Security Risks: Data Exposed, Encryption Weaknesses
Like other AI models discussed previously, such as Meta's Llama, which pose significant risk, yet another recent examination of DeepSeek's mobile application for Apple's iOS operating system has uncovered significant security vulnerabilities. The primary concern is its transmission of sensitive information over the internet without encryption, which leaves that data susceptible to interception and manipulation.
This evaluation comes from NowSecure, which also found that the application fails to follow security best practices and gathers extensive user and device information.
"The DeepSeek iOS application transmits certain mobile app registration and device data over the internet without encryption," stated the company. "This renders any data within the internet traffic vulnerable to both passive and active attacks."
The analysis further identified multiple flaws in how encryption is applied to user data: the use of an insecure symmetric cipher (3DES), a hard-coded encryption key, and the reuse of initialization vectors.
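As an added illustration (not code from NowSecure, DeepSeek, or the original post), the following Go program reproduces the weak pattern described above, 3DES-CBC under a hard-coded key with a repeated IV, next to a corrected form, AES-GCM with a fresh random nonce per message. The key and IV values are constructed stand-ins, not values taken from the app; the point is that the weak form is deterministic, so two messages sharing a plaintext prefix produce identical leading ciphertext blocks that a passive observer can compare.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
)

// Constructed stand-ins for the weak pattern (hard-coded key, repeated IV);
// these are not values taken from the DeepSeek app.
var HardcodedKey = []byte("0123456789abcdef01234567") // 24-byte 3DES key
var ReusedIV = make([]byte, des.BlockSize)             // same IV on every call

// EncryptTripleDESCBC is the weak pattern: 3DES-CBC under a fixed key and IV.
// Output is deterministic, so equal plaintext prefixes give equal ciphertext
// prefixes, and an identical message always yields an identical ciphertext.
func EncryptTripleDESCBC(key, iv, msg []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	pad := des.BlockSize - len(msg)%des.BlockSize // PKCS#7 padding
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// EncryptAESGCM is the corrected pattern: AES-GCM with a fresh random nonce per
// message (prepended to the ciphertext), so repeated plaintexts never match and
// any tampering with the ciphertext is detected on decryption.
func EncryptAESGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}
```

Encrypting `device_id=ABC123&user=alice` and `device_id=ABC123&user=bobby` with the weak function yields ciphertexts whose first two 8-byte blocks are byte-for-byte identical, revealing the shared prefix; the AES-GCM function returns a different ciphertext every call even for the same input.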
Additionally, the data is relayed to servers managed by a cloud computing and storage service known as Volcano Engine, which is owned by ByteDance, the Chinese corporation that also oversees TikTok.
"The DeepSeek iOS application entirely disables App Transport Security (ATS), a platform-level safeguard on iOS that prevents the transmission of sensitive data over unencrypted channels," NowSecure added. "With this protection turned off, the application can (and does) transmit unencrypted data over the internet."
These revelations contribute to an escalating list of worries surrounding the artificial intelligence (AI) chatbot service, even as it ascends to the upper echelons of app store rankings on both Android and iOS across various global markets.
Cybersecurity firm Check Point reported observing instances of malicious actors utilizing AI engines from DeepSeek, in conjunction with Alibaba Qwen and OpenAI ChatGPT, to create information thieves, generate unrestricted content, and refine scripts for widespread spam deployment.
"As malicious actors employ sophisticated techniques such as jailbreaking to bypass security measures and create information thieves, engage in financial fraud, and distribute spam, the imperative for organizations to adopt proactive defenses against these evolving threats becomes paramount to ensure robust protections against potential AI technology misuse," the company stated.
Earlier this week, the Associated Press disclosed that DeepSeek's website is set up to transmit user login details to China Mobile, a state-owned telecommunications entity that has been prohibited from operating within the United States.
The app's Chinese affiliations, similar to TikTok, have spurred U.S. legislators to advocate for a nationwide prohibition of DeepSeek on government devices over concerns regarding potential user data sharing with Beijing.
It is noteworthy that numerous nations, including Australia, Italy, the Netherlands, Taiwan, and South Korea, as well as governmental bodies in India and the United States, such as Congress, NASA, the Navy, the Pentagon, and Texas, have instituted bans on DeepSeek for government devices.
DeepSeek's surge in popularity has also made it a target of malicious attacks: the Chinese cybersecurity company XLab told Global Times that the platform was subjected to ongoing distributed denial-of-service (DDoS) attacks late last month, originating from Mirai botnets including hailBot and RapperBot.
Concurrently, cybercriminals are seizing the opportunity to exploit the hysteria surrounding DeepSeek by creating imitation pages that disseminate malware, counterfeit investment schemes, and deceptive cryptocurrency operations.