The DeepSeek iOS app transmits data without encryption, according to a new report. Combined with weak encryption keys and channels that send unencrypted data to China, this is a major security concern for researchers.
Several nations have already opted to ban the Chinese startup firm’s software owing to security issues and links with China. Meanwhile, the latest findings come from American mobile security firm NowSecure, which didn’t hold back on its leading concerns on the matter.
It detailed how the Chinese tech giant is fueling more concerns as shocking details about high-security risks continue to emerge. These concern its iOS app, which became the world’s most downloaded app on the App Store last week.
NowSecure said it analyzed the app on actual iOS devices and uncovered security vulnerabilities as well as major privacy problems. As per the company, it’s a huge issue for governments, as this kind of exposure of sensitive matters and the potential for surveillance is concerning. This is why it is now recommending that the app be removed from devices belonging to governments, businesses and their respective institutions.
The first major problem highlighted is that DeepSeek’s iOS app sends mobile app registration and device data over the internet without encryption. This exposes the information to attacks as well as more scrutiny.
For instance, an attacker with access to the network could intercept and then alter the data. This greatly impacts the integrity of the platform and all information sent online. At the same time, Apple has designed a new built-in platform protection to keep developers from shipping this flaw. However, it was soon disabled for the DeepSeek iOS app.
When users launch the DeepSeek iOS app, it communicates with the company’s backend to configure the app. Registration then begins and a product profile mechanism is established. Even when the network is configured to attack the mobile app, the app still executes these steps. This enables both passive and active attacks against the data.
The app also uses outdated Triple DES encryption, reuses initialization vectors, and relies on hard-coded encryption values. This violates security best practices, making it very dangerous.
But it does not end there. The report also says the app insecurely stores data such as encryption keys, passwords, and even names. That could give rise to major issues, since attackers can leverage data recovered from the device.
The company also shared how it uncovered sensitive information inside cached databases on devices. This arose because the developer used certain APIs for communication with remote endpoints.
This API caches all HTTP responses unless caching is explicitly disabled.
Similarly, the platform makes use of a tenth of the data points such as company ID and device OS. This might be true for other apps out there today, but the latest NowSecure report highlights how DeepSeek data is passed through servers under the ownership of ByteDance. Again, this raises major security issues regarding government access and compliance risks.
Many nations are rolling out warnings and putting a ban on DeepSeek. Meanwhile, one Republican senator shared how fines can stretch to millions of dollars for utilizing AI software from China in the US.
We’ve already seen countries like South Korea block the app’s access on different ministry computers designed for military use. We’ve similarly seen Australia ban it from all government devices as it thought the risk was unacceptable.
Both France and Ireland began investigations into the platform regarding data storage in servers in China. Both Italy and Taiwan are following in the footsteps of others with a possible ban in all government departments, starting this week.
So as you can see, the problems of DeepSeek are plenty, and many wonder if the fame it generated during its first week could soon be dwindling.