The DeepSeek app for iOS faces serious security issues. A recent audit reveals that it transmits sensitive user and device data without encryption. This makes it vulnerable to attacks and exposes user information to hackers. The app's failure to follow best security practices raises major concerns.
Cybersecurity firm NowSecure found that DeepSeek sends some user data over the internet unencrypted. This puts users at risk of data interception and manipulation.
Why DeepSeek’s Security Flaws Matter
Sending unencrypted data over the internet creates many risks. Cybercriminals can intercept and misuse this data. Such security gaps lead to identity theft, financial fraud, and malicious attacks.
The audit revealed multiple encryption failures in the DeepSeek app:
- It uses an outdated encryption algorithm (3DES), which is easy to break.
- The app has a hard-coded encryption key, making it easier for attackers to decrypt data.
- It reuses initialization vectors, further weakening its security system.
These issues are concerning because they leave sensitive information unprotected. The app’s weak encryption methods expose user data to cyber threats.
DeepSeek’s Cloud Servers Managed by ByteDance
DeepSeek stores user data on servers managed by Volcano Engine, a platform owned by ByteDance. ByteDance also owns TikTok, which has faced security scrutiny worldwide.
In addition, DeepSeek disables iOS App Transport Security (ATS). ATS protects sensitive data from being sent over unencrypted channels. Disabling ATS lets the app send unencrypted data over the internet, putting users at risk.
Data Sent to China Raises Privacy Concerns
The Associated Press reported that DeepSeek’s website sends user login details to China Mobile. China Mobile is a state-owned telecom company banned from operating in the United States.
This connection has raised serious concerns among U.S. lawmakers. They fear DeepSeek may share user data with Chinese authorities. Some U.S. agencies have pushed for a ban on DeepSeek from government devices.
Countries like Australia, Italy, and South Korea have taken similar steps. In India and the United States, government agencies such as Congress, NASA, and the Pentagon have banned DeepSeek from official devices.
Growing Threats Linked to DeepSeek
DeepSeek’s rising popularity has made it a target for hackers. The app has faced multiple distributed denial-of-service (DDoS) attacks. Mirai botnets like hailBot and RapperBot launched these attacks to disrupt DeepSeek services.
Cybercriminals are also creating fake DeepSeek pages to trick users. These lookalike pages promote scams, malware, and fraudulent cryptocurrency schemes.
Cybercriminals Use AI for Malicious Activities
Cybersecurity company Check Point revealed that hackers are misusing DeepSeek’s AI technology. They use it to create info stealers and spam scripts. Hackers are also bypassing security protections with jailbreaking techniques.
Some hackers even use DeepSeek to develop uncensored content and optimize mass spam distribution. This increases the risk of phishing and data theft. Organizations must implement strong defenses against these advanced threats.
The Global Push to Ban DeepSeek
DeepSeek’s connection to ByteDance has raised concerns in many countries. Lawmakers worry about the potential misuse of user data.
Several governments have already banned the app on official devices. They fear sensitive data may end up in the wrong hands.
The calls for banning DeepSeek follow the example of similar actions taken against TikTok. The primary concern is data privacy and national security risks.
What Users Should Do
Users must be cautious while using apps that fail to prioritize security. Here are some tips:
- Avoid sharing sensitive information on unverified apps.
- Use a virtual private network (VPN) for added protection.
- Regularly update your phone’s operating system and apps.
- Check app permissions and disable those you don’t trust.
- Install reliable security software on your device.
DeepSeek’s Future: What’s Next?
DeepSeek’s security flaws will continue to be a hot topic in the tech world. Its popularity makes it attractive to cybercriminals. Users must stay informed and take precautions to protect their data.
Governments and organizations must also push for better security standards. Apps like DeepSeek should adopt modern encryption techniques and follow best practices.