DeepSeek has grabbed the spotlight in the AI industry as the underdog that briefly became the world’s leading app, overtaking the ChatGPT AI assistant. While many see it as the Robin Hood of AI, not everything about it is pretty.
A report by NowSecure, a mobile security company, highlights a big privacy risk in using DeepSeek’s iOS app, hinting that the Android app is no better.
DeepSeek Clueless About Latest Security Standards
The security assessment by NowSecure highlights glaring weaknesses in the app’s security standards for iOS users.
To start with, for unknown reasons, DeepSeek’s AI assistant app does not enforce App Transport Security (ATS), a security feature provided by Apple to prevent insecure communications globally.
Next, the app does not encrypt the data sent to the servers controlled by ByteDance, TikTok’s parent company. While the information does not involve personal data, an unencrypted channel can open up opportunities for a hacker.
The report states, “The DeepSeek iOS app sends some mobile app registration and device data over the internet without encryption. This exposes any data in the internet traffic to both passive and active attacks.”
Andrew Hoog, the founder of NowSecure, adds in the report: “An attacker with privileged access on the network (known as a Man-in-the-Middle attack) could also intercept and modify the data, impacting the integrity of the app and data.”
Moreover, the encryption the app does use relies on the 3DES algorithm, which is now considered an insecure form of encryption.
Organisations Advised to Stop Using DeepSeek
Considering the privacy and security risks associated with the DeepSeek iOS app, the report recommends not using it in your organisation until things are fixed and better standards are in place.
As an alternative, some organisations can try self-hosting DeepSeek or using cloud services like the Azure platform to continue using it securely.