![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE3vY3R2OtrX1tKEjWavET-Vgs4a7DM_adgg14YlWBO1kGLa1rjjhVQG9Mf6DeeCFTXKxal-pNLjzFtLBNJJ1XL_1si-arFZ3dLjeEsjgBY37n8mBLUiMohaS5BvLXYdTRDi3NtNssJ13MHLmMb8JedhtgO-_MqkkUPUWZIVeedsyKcb8mN06HKO_GgSOo/s728-rw-e365/deepseek-ios-app.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRNd8BN0NGWggTF-8SmJ4-9QNO52meWDcxWZmiisJIIUosDl5puVHh7GfddI4Qhv6Yel_imb5unK2E_IS-_CjV6xMEZ14nN6MA2Bz4Y_kG_qVuHc3Mzt7l3nD9zj2EidX_r468g3RJacDWqzUZ3HIhvnNvuOwIIOdwLDKmgMutImJ3VKXaf3CgAQTJfTfO/s728-rw-e365/secure.png)
A new audit of DeepSeek's mobile app for the Apple iOS operating system has discovered obvious security issues, including sending sensitive data over the Internet without encryption, which exposes it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and collects data from a wide range of users and devices.
“The DeepSeek iOS app sends mobile app registrations and device data over the Internet without encryption,” the company said. “This exposes the data in your internet traffic to both passive and active attacks.”
The analysis also revealed some implementation weaknesses in how encryption is applied to user data. These include the use of insecure symmetric encryption algorithms (3DES), hard-coded encryption keys, and the reuse of initialization vectors.
Additionally, the data is sent to servers managed by a cloud compute and storage platform owned by ByteDance, the Chinese company that runs TikTok.
“The DeepSeek iOS app globally disables App Transport Security (ATS), an iOS platform-level protection that prevents sensitive data from being transmitted over unencrypted channels,” NowSecure said. “This protection is disabled so apps can (and do) send unencrypted data over the Internet.”
The findings add to a growing list of concerns raised around the artificial intelligence (AI) chatbot service, even as it rises to the top of the app store charts on both Android and iOS in several markets around the world.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3GIowjce1ZclFe8NYchg49whFVJpiVkhggBdcEZUsjzBkmwlGU2PC62wLOpRKBEx0ZTM2cnIwYezGEKT9Rt_64hHsJnWXuATZYASw30Nrpj_W7RVwEaBy4sfMoVlyZlDg1GX1NrYfIEUiC08thfCASrXDZdetqIsIHLTWAtr0s-hWmEaoCZmjp9JsjAb1/s728-rw-e365/secure.png)
Cybersecurity company Check Point said it has observed instances of threat actors leveraging DeepSeek's AI engine, alongside Alibaba Qwen and OpenAI ChatGPT, to develop information stealers, generate uncensored or unrestricted content, and optimize scripts for mass spam distribution.
“Threat targets will use advanced technologies such as bypassing protection measures and breaking away from information theft and breaking away to develop spam distribution, so organizations will implement aggressive defenses against these evolving threats. The urgency for this ensures a robust defense against the potential misuse of AI technology.”
Earlier this week, the Associated Press revealed that DeepSeek's website is configured to send user login information to China Mobile, a state-owned telecommunications company that is prohibited from operating in the US.
As with TikTok, the app's links to China have prompted US lawmakers to push for a nationwide ban on DeepSeek on government devices over the risk that it could provide user information to Beijing.
It is worth noting that several countries, including Australia, Italy, the Netherlands, Taiwan, and South Korea, as well as government agencies in India and the US, such as Congress, NASA, the Navy, the Pentagon and Texas, have enacted bans on DeepSeek from government devices.
DeepSeek's explosion in popularity has also made it a target of malicious attacks, with Chinese cybersecurity firm XLab telling Global Times that the service was subjected late last month to sustained distributed denial-of-service (DDoS) attacks from the Mirai botnets HailBot and RapperBot.
Meanwhile, cybercriminals are wasting no time exploiting the enthusiasm around DeepSeek to set up lookalike pages that propagate malware, fake investment scams and fraudulent cryptocurrency schemes.