The popular AI chatbot app, DeepSeek, faces scrutiny over significant security flaws discovered by NowSecure. These vulnerabilities potentially expose sensitive user data and raise concerns about data privacy.
DeepSeek, which gained rapid popularity following its recent launch, transmits sensitive information over the internet without proper encryption, according to NowSecure’s findings. This insecure data transmission leaves user data vulnerable to interception and malicious manipulation by third parties. The app relies on the outdated Triple DES encryption method, known for its vulnerabilities, making it an easy target for attackers. This is comparable to securing valuable possessions with a flimsy lock.
Furthermore, DeepSeek’s security woes are compounded by the reuse of encryption keys. Using duplicate keys across the application is akin to using the same password for multiple accounts – a single breach could compromise all user data. The app’s security is further weakened by embedding these keys directly within the application itself, providing hackers with easy access.
NowSecure’s investigation also uncovered insecure data storage practices within DeepSeek. Usernames, passwords, and encryption keys are stored insecurely, further escalating the risk of data breaches. The app’s collection of user and device data raises concerns about user tracking and potential de-anonymization.
Adding to the controversy, user data from DeepSeek reportedly flows to servers owned by ByteDance, the parent company of TikTok, which itself is embroiled in ongoing security and privacy controversies, particularly in the U.S. This connection raises further red flags regarding DeepSeek’s data handling practices.
NowSecure strongly recommends deleting the DeepSeek iOS app from both managed and personal devices. The cybersecurity firm advises users to seek alternative AI chatbot solutions that prioritize robust security measures and data protection.
DeepSeek’s security vulnerabilities are not the only cause for concern. Microsoft, a major investor in OpenAI, a competitor of DeepSeek, is investigating whether DeepSeek employed unethical methods to train its reasoning models, potentially infringing on intellectual property rights. Separate concerns have also been raised regarding potential censorship practices within the app.
Considering the numerous controversies surrounding DeepSeek, deleting the app from your device appears to be a prudent course of action. With several alternative AI chatbot options available, including the newly released Le Chat, users have safer alternatives for their AI-powered conversational needs.
