DeepSeek App’s Security Nightmare: Unencrypted User Data Exposed to Cyber Threats

Security Flaws Discovered in DeepSeek iOS App Raise Privacy Concerns

A recent security audit by NowSecure has uncovered significant vulnerabilities in DeepSeek’s iOS mobile application. The investigation revealed that the app transmits sensitive data without encryption, making it susceptible to interception and manipulation.

Key Security Issues:
– Unencrypted data transmission
– Disabled App Transport Security (ATS)
– Weak encryption implementation using 3DES
– Hard-coded encryption keys
– Reused initialization vectors
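
A reviewer can check an app build for the disabled-ATS condition listed above by auditing its Info.plist. The following is an added example, not code from NowSecure or DeepSeek: the sample plists and bundle identifier are constructed, and the key names are Apple's documented ATS keys.

```python
import plistlib

# Global ATS switches that permit cleartext HTTP when set to true.
GLOBAL_FLAGS = (
    "NSAllowsArbitraryLoads",
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsArbitraryLoadsForMedia",
)
WEAK_TLS = {"TLSv1.0", "TLSv1.1"}

def audit_ats(plist_bytes):
    """Return a sorted list of ATS findings for an Info.plist (XML or binary)."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity") or {}
    findings = [f"global: {flag} is true" for flag in GLOBAL_FLAGS if ats.get(flag) is True]
    # Per-domain exceptions can weaken ATS even when the global flags are off.
    for domain, rules in (ats.get("NSExceptionDomains") or {}).items():
        scope = domain + (" (+subdomains)" if rules.get("NSIncludesSubdomains") else "")
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"{scope}: cleartext HTTP allowed")
        if rules.get("NSExceptionMinimumTLSVersion") in WEAK_TLS:
            findings.append(f"{scope}: minimum TLS lowered to {rules['NSExceptionMinimumTLSVersion']}")
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{scope}: forward secrecy not required")
    return sorted(findings)

# Constructed sample plists (not taken from any real app).
WEAK_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.chat",
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": True,
        "NSExceptionDomains": {
            "api.example.com": {
                "NSIncludesSubdomains": True,
                "NSExceptionAllowsInsecureHTTPLoads": True,
                "NSExceptionMinimumTLSVersion": "TLSv1.0",
            }
        },
    },
})
# No NSAppTransportSecurity dictionary at all: ATS defaults stay in force.
HARDENED_PLIST = plistlib.dumps({"CFBundleIdentifier": "com.example.chat"})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK_PLIST), ("hardened", HARDENED_PLIST)):
        print(name, audit_ats(blob) or "ATS defaults in force")
```

An empty result means the plist leaves ATS at its defaults; it says nothing about how the app encrypts data itself, so the 3DES, hard-coded key and IV findings need separate review.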

Data Privacy Concerns:
The app sends user information to Volcano Engine servers, owned by ByteDance (TikTok’s parent company). Additionally, DeepSeek’s website transmits login data to China Mobile, a state-owned telecommunications company banned in the US.

Global Response:
Multiple countries and organizations have banned DeepSeek on government devices:
– Australia
– Italy
– Netherlands
– Taiwan
– South Korea
– Various US government agencies (Congress, NASA, Navy, Pentagon)
– Indian government departments

Security Threats:
– AI engines being exploited by threat actors for malware development
– Sustained DDoS attacks from Mirai botnets
– Emergence of fraudulent DeepSeek clone sites spreading malware
– Cryptocurrency scams and fake investment schemes

The app’s security vulnerabilities and Chinese connections have prompted US lawmakers to advocate for nationwide restrictions on its use on government devices, citing the potential security risk of data reaching Beijing.
