
Multiple security flaws found in DeepSeek iOS app

Multiple security flaws have been found in the DeepSeek iOS application, which remains one of the most popular downloads in the App Store after it shot to the top of the charts at launch.
The latest findings are much worse than the previous security failure, which exposed chat history and other confidential information in a database that required no authentication …
Earlier concerns about DeepSeek
While we mentioned it before it hit the headlines, for most people DeepSeek appeared out of nowhere, and overnight it became the most downloaded application for the iPhone.
Artificial intelligence researchers were shocked by the capabilities of the application, which had significantly lower hardware requirements than chatbots of similar power, and the news sent the share prices of a number of US companies falling.
However, it was not long before security and privacy concerns were raised. A regulator in Italy asked whether the application complies with European privacy law, and Ireland asked similar questions. US officials are also investigating the potential national security implications.
It was then found that the company had inadvertently failed to secure a database containing more than a million lines of log records, including chat history and secret keys.
Multiple security flaws found in the DeepSeek iOS application
A mobile security company has now discovered several security flaws in the iPhone application, including the failure to use Apple's built-in App Transport Security (ATS). ATS is designed to ensure that confidential personal data is sent only over encrypted channels, but the company found that DeepSeek has turned it off.
The DeepSeek iOS application globally disables App Transport Security (ATS), an iOS platform-level protection that prevents confidential data from being sent over unencrypted channels. Since this protection is disabled, the application can (and does) send unencrypted data over the Internet.
The company says that although the exposed data may seem harmless, it can easily be combined to de-anonymize users.
Although none of this data taken separately is very risky, the aggregation of many data points over time quickly leads to easy identification of people. Recent analytics data shows that this data is actively being gathered at scale and can effectively de-anonymize millions of people.
Where data is encrypted, the app uses an outdated encryption method that is known to be flawed.
The encryption algorithm selected for this part of the application is a well-known broken encryption algorithm (3DES), which makes it a poor choice for protecting data confidentiality.
In addition, the data collected by the application can be used to identify targets for spying.
[A sample user] is working on the latest iPad over a cellular data connection registered to FirstNet (an American public-safety broadband network operator), and the user would presumably be considered a high-value target for espionage.
Keep in mind that it is not only the 10 data points collected by the DeepSeek iOS application: related data is collected from millions of applications and can easily be purchased, combined, and then correlated to quickly de-anonymize users.
A lengthy analysis concludes that the DeepSeek iOS application is not safe to use, and notes that the Android version is even less safe.
9to5Mac's take
Although the DeepSeek application is technically impressive and it was interesting to test its capabilities, we caution anyone using it for real tasks that involve any disclosure of personal data. You must assume that DeepSeek can identify you and see the content of your interactions.
We are still at a relatively early stage of security researchers studying the application, so it is likely that additional security and privacy problems will be identified. Personally, I have now removed it from my iPhone and would advise others to do the same.