Recent, an audit of the DeepSeek AI app uncovered severe security vulnerabilities, exposing sensitive user data due to lack of encryption and outdated security measures. The app transmits user registration details and device data unencrypted, making it susceptible to interception.
Key Findings:
- Unencrypted data transmission over the internet
- Use of outdated encryption algorithms (3DES)
- Connection to servers owned by ByteDance’s Volcano Engine
- Disabling of App Transport Security (ATS), increasing exposure to cyber threats
- Additionally, security researchers flagged concerns about excessive data harvesting and possible ties to state-owned telecom providers, prompting calls for regulatory action.
Read the full security breakdown and implications here: Critical vulnerabilities in the DeepSeek iOS App
Top comments (0)