
Egregious security gaps found in DeepSeek iOS app

DeepSeek is an AI-powered platform specializing in advanced search and data analytics for business insights and decision-making.

Chinese artificial intelligence platform DeepSeek's app for iOS has been impacted by several security failures, the most crucial of which is the absence of encryption for sensitive information delivered over the internet, according to The Hacker News.

Beyond sending unencrypted device and mobile app registration information to Volcano Engine servers owned by TikTok parent firm ByteDance, a result of the app deactivating the App Transport Security feature, DeepSeek's iOS app has also been using an insecure symmetric encryption algorithm, a hardcoded encryption key, and old initialization vectors, an audit from NowSecure showed.

The findings come as DeepSeek and Qwen, another newly emergent AI model, were reported by Check Point to have been increasingly exploited by threat actors to facilitate the generation of malicious content, including information-stealing malware and mass spam scripts.

Meanwhile, escalating security concerns surrounding DeepSeek have already prompted the introduction of legislation banning the AI platform's usage on U.S. government-issued devices, which follows similar bans already implemented by Italy, Taiwan, Australia, and South Korea.
