The findings follow a technical audit revealing critical security flaws, including unencrypted data transfers, deprecated encryption protocols, and deliberate bypassing of Apple’s App Transport Security (ATS) safeguards. The PIPC’s investigation, supported by analyses from cybersecurity firms NowSecure and SecurityScorecard, uncovered alarming practices in DeepSeek’s iOS and Android applications.

Disabled ATS Protections: DeepSeek’s iOS app globally disables ATS, a critical iOS security feature enforcing HTTPS encryption.

Weak Encryption Standards: The app employs 3DES (Triple Data Encryption Standard), a symmetric-key algorithm deprecated by NIST in 2016 due to vulnerabilities.

SQL Injection Risks: SecurityScorecard identified insecure database queries in DeepSeek’s backend, enabling potential unauthorized access to user records.

Data Sovereignty Concerns: Despite some traffic routing through U.S.-based IPs, DeepSeek’s privacy policy confirms data storage in China, raising red flags under South Korea’s strict data localization laws.

Security researchers also detected connections to Chinese state-linked domains, amplifying fears of potential surveillance under China’s National Intelligence Law. Cybersecurity experts warn that DeepSeek’s open-source model, while efficient, lacks transparency in training data sourcing and third-party SDK integrations. With DeepSeek’s global app downloads surpassing 10 million, the incident serves as a cautionary tale for data sovereignty in an era of geopolitical tech rivalry.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 13:35:04 +0000