Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

The Hacker News by The Hacker News
February 7, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Feb 07, 2025Ravie LakshmananMobile Security / Artificial Intelligence

A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.

The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and device data.

“The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption,” the company said. “This exposes any data in the internet traffic to both passive and active attacks.”

The teardown also revealed several implementation weaknesses when it comes to applying encryption on user data. This includes the use of an insecure symmetric encryption algorithm (3DES), a hard-coded encryption key, and the reuse of initialization vectors.

Cybersecurity

What’s more, the data is sent to servers that are managed by a cloud compute and storage platform named Volcano Engine, which is owned by ByteDance, the Chinese company that also operates TikTok.

“The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels,” NowSecure said. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

The findings add to a growing list of concerns that have been raised around the artificial intelligence (AI) chatbot service, even as it skyrocketed to the top of the app store charts on both Android and iOS in several markets across the world.

Cybersecurity company Check Point said that it observed instances of threat actors leveraging AI engines from DeepSeek, alongside Alibaba Qwen and OpenAI ChatGPT, to develop information stealers, generate uncensored or unrestricted content, and optimize scripts for mass spam distribution.

“As threat actors utilize advanced techniques like jailbreaking to bypass protective measures and develop info stealers, financial theft, and spam distribution, the urgency for organizations to implement proactive defenses against these evolving threats ensures robust defenses against potential misuse of AI technologies,” the company said.

Earlier this week, the Associated Press revealed that DeepSeek’s website is configured to send user login information to China Mobile, a state-owned telecommunications company that has been banned from operating in the United States.

The app’s Chinese links, much like TikTok, have prompted U.S. lawmakers to push for a nation-wide ban on DeepSeek from government devices over risks that it could provide user information to Beijing.

Cybersecurity

It’s worth noting that several countries, including Australia, Italy, the Netherlands, Taiwan, and South Korea, and government agencies in India and the United States, such as the Congress, NASA, Navy, Pentagon, and Texas, have instituted bans on DeepSeek from government devices.

DeepSeek’s explosion in popularity has also led to it battling malicious attacks, with Chinese cybersecurity firm XLab telling Global Times that the service has been subjected to sustained distributed denial-of-service (DDoS) attacks originating from Mirai botnets hailBot and RapperBot late last month.

Meanwhile, cybercriminals are wasting no time to capitalize on the frenzy surrounding DeepSeek to set up lookalike pages that propagate malware, fake investment scams, and fraudulent cryptocurrency schemes.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
2025: The Year of the AI App

2025: The Year of the AI App

Recommended.

IBM reorients storage to cloud, containers and as-a-service | Computer Weekly

IBM reorients storage to cloud, containers and as-a-service | Computer Weekly

June 10, 2025
Pro AV Market to Grow by USD 180.6 Million (2025-2029), Increased Digital Signage Usage Drives Growth, AI-Driven Market Transformation – Technavio

Pro AV Market to Grow by USD 180.6 Million (2025-2029), Increased Digital Signage Usage Drives Growth, AI-Driven Market Transformation – Technavio

January 3, 2025

Trending.

VIDIZMO Earns Microsoft Solutions Partner Designations for All Three Areas of Azure, Solidifying its Expertise in Delivering AI Solutions

VIDIZMO Earns Microsoft Solutions Partner Designations for All Three Areas of Azure, Solidifying its Expertise in Delivering AI Solutions

June 28, 2025
Tilson Continues to Perform for Clients; Shares Substantial Progress in Chapter 11 Process

Tilson Continues to Perform for Clients; Shares Substantial Progress in Chapter 11 Process

June 27, 2025
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

June 27, 2025
DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

June 23, 2025
Le nombre d’utilisateurs de la 5G-A atteint les dix millions en Chine : Huawei présente le développement de la 5G-A et la valeur de l’IA basée sur des scénarios

Le nombre d’utilisateurs de la 5G-A atteint les dix millions en Chine : Huawei présente le développement de la 5G-A et la valeur de l’IA basée sur des scénarios

June 27, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio