DeepSeek’s iOS app sends unencrypted data to Chinese servers
Chart-topping AI iPhone app DeepSeek has been found to be sending data to Chinese-owned services, as well as collecting extensive user data that is held and sent unencrypted.
DeepSeek is a generative AI app, similar to ChatGPT, which launched in January 2025 and almost immediately went to the top of the US App Store charts. That was despite the Chinese AI startup behind DeepSeek having been found to have a major security lapse.
“[DeepSeek is] not equipped or willing to provide basic security protections of your data and identity,” Andrew Hoog, co-founder of security firm NowSecure, told Ars Technica in a statement. “There are fundamental security practices that are not being observed, either intentionally or unintentionally. In the end, it puts your and your company’s data and identity at risk.”
Chicago-based mobile security firm NowSecure says that DeepSeek’s iOS app has multiple security and privacy issues. Specifically:
- Sensitive data is sent unencrypted
- User data is stored insecurely
- The app collects extensive user and device data
- User data is sent to Chinese-owned servers
NowSecure also says that while DeepSeek does use encryption, it is using 3DES encryption. This is a symmetric encryption scheme that was deprecated in 2016 after research showed that it could be broken.
Plus, as implemented, the symmetric 3DES keys are hard-coded into the app, which means every user is encrypting with the same keys.
The app also disables Apple’s App Transport Security (ATS), which would otherwise enforce encryption of data in transit. DeepSeek has not said why it has disabled this, nor has Apple commented on why companies can choose not to use it.
Data is then decrypted when it is stored on ByteDance’s servers. Once there, it can be used to identify specific users and potentially track queries.
As well as violating security best practices, this decryption is significant because the servers are controlled by ByteDance, and the company is bound by Chinese laws regarding government access. This is the same issue that has led to the US requiring ByteDance to sell TikTok.
NowSecure says it is continuing to research DeepSeek. It notes that the Android version is even less secure than the iOS one.