DeepSeek Under Fire for Transmitting Sensitive Data Without Encryption


A recent security audit of the popular DeepSeek mobile application for Apple iOS has uncovered severe vulnerabilities that pose significant risks to user privacy and data security. The assessment, conducted by NowSecure, revealed that the app transmits sensitive user and device data over the internet without any encryption, making it highly susceptible to interception and manipulation by malicious actors.

Unencrypted Data Transmission: A Critical Flaw

NowSecure’s analysis identified that DeepSeek’s iOS app sends certain mobile app registration and device data without employing encryption protocols. This lapse exposes the data to both passive eavesdropping and active attacks, where threat actors can intercept, modify, or inject malicious data during transmission.

“The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption,” NowSecure reported. “This exposes any data in the internet traffic to both passive and active attacks.”

Weak Encryption Practices

Even in cases where encryption is applied, the audit found several implementation weaknesses. The app utilizes an outdated and insecure symmetric encryption algorithm, 3DES (Triple Data Encryption Standard), which has long been considered vulnerable to brute-force attacks. Additionally, the presence of hard-coded encryption keys and the reuse of initialization vectors further compromise the security of encrypted data, making it easier for attackers to decipher sensitive information.

App Transport Security (ATS) Disabled

One of the most alarming discoveries is the global disabling of App Transport Security (ATS) within the DeepSeek iOS app. ATS is an essential iOS security feature designed to enforce secure connections over HTTPS, ensuring data is encrypted during transmission. By disabling ATS, DeepSeek allows data to be sent over unencrypted channels, significantly increasing the risk of data breaches.

“Since this protection is disabled, the app can (and does) send unencrypted data over the internet,” NowSecure highlighted, emphasizing the potential for data interception.

Data Routing Through Chinese-Owned Servers

Compounding these security flaws is the fact that DeepSeek routes its data through servers managed by Volcano Engine, a cloud computing and storage platform owned by ByteDance, the Chinese tech giant behind TikTok. This connection raises geopolitical and privacy concerns, particularly given ongoing tensions surrounding data sovereignty and foreign surveillance.

Adding to the controversy, the Associated Press recently revealed that DeepSeek’s website transmits user login information to China Mobile, a state-owned telecommunications firm banned from operating in the United States due to national security concerns.

AI-Driven Threat Landscape

The security issues surrounding DeepSeek are not limited to data privacy alone. Cybersecurity firm Check Point has observed that threat actors are exploiting AI engines from DeepSeek, Alibaba Qwen, and OpenAI ChatGPT to develop sophisticated information stealers, create uncensored content, and optimize scripts for large-scale spam campaigns.

“As threat actors utilize advanced techniques like jailbreaking to bypass protective measures and develop info stealers, financial theft, and spam distribution, the urgency for organizations to implement proactive defenses against these evolving threats ensures robust defenses against potential misuse of AI technologies,” Check Point warned.

Global Backlash and Regulatory Scrutiny

The app’s ties to Chinese entities have sparked widespread concern among governments worldwide. U.S. lawmakers are advocating for a nationwide ban on DeepSeek from government devices, citing risks that the app could be used to funnel sensitive information to Beijing. Several countries, including Australia, Italy, the Netherlands, Taiwan, and South Korea, along with U.S. government bodies such as Congress, NASA, the Navy, and the Pentagon, and the state of Texas, have already banned DeepSeek from official devices.


Target of Cyberattacks and Fraudulent Schemes

DeepSeek’s rapid rise in popularity has also made it a prime target for cybercriminal activities. Chinese cybersecurity firm XLab reported that the app has been subjected to sustained distributed denial-of-service (DDoS) attacks originating from notorious Mirai botnet variants, including hailBot and RapperBot.

Moreover, cybercriminals are exploiting the app’s fame by creating lookalike websites designed to distribute malware, orchestrate fake investment scams, and run fraudulent cryptocurrency schemes. These malicious activities not only endanger individual users but also contribute to the broader cybersecurity threat landscape.

Recommendations

Given the severity of the security flaws identified, both individual users and organizations should take immediate action to mitigate potential risks:

  1. Uninstall the DeepSeek App: Users concerned about data privacy should consider removing the app until the company addresses these vulnerabilities.

  2. Monitor for Suspicious Activity: Regularly check for unusual account activity and unauthorized access to personal information.

  3. Implement Network Security Measures: Organizations should deploy network monitoring tools to detect unencrypted data transmissions and block connections to suspicious servers.

  4. Advocate for Stronger Regulations: Governments and regulatory bodies should enforce stricter data protection laws to hold app developers accountable for security lapses.

Conclusion

The DeepSeek security revelations underscore the critical importance of robust encryption practices, transparent data handling policies, and rigorous security audits. As AI-driven applications continue to proliferate, ensuring their security becomes paramount to safeguarding user privacy and maintaining public trust. Until DeepSeek addresses these vulnerabilities, users and organizations alike must remain vigilant against potential data breaches and cyber threats.
