
DeepSeek, the AI chatbot that has been rivalling the likes of Gemini, ChatGPT and Copilot, is reportedly sending unencrypted data to ByteDance, the company that owns TikTok.
According to NowSecure, a cybersecurity firm that focuses on mobile apps, the DeepSeek app on iPhones and iPads is sharing sensitive data over unprotected channels, meaning anyone who can monitor the traffic will be able to read your data. This also makes it easy for bad actors to intercept your data and use it for nefarious purposes.
While Apple actively encourages app developers to use a feature named App Transport Security (ATS) when sending data, the firm found that the functionality was disabled for reasons unknown. And even though some of the data is encrypted using the transport layer protocol, once it is decrypted on the server, threat actors can access it and match it with user data collected from elsewhere to identify specific users.
NowSecure’s report also suggests that the data being sent is stored on servers controlled by ByteDance, the parent company of TikTok. Security experts say they stumbled across a bunch of other potentially concerning behaviours as well, such as DeepSeek using an encryption technique known as 3DES, which is known to be breakable in practical attacks. As it turns out, the DeepSeek app on iOS also seems to be storing data insecurely, which increases the risk of credential theft.
Since its launch around two weeks ago, DeepSeek has managed to overtake ChatGPT as the top free app on the Apple App Store. It is almost on par with OpenAI’s chatbot but is significantly cheaper.