A cybersecurity company is warning companies and institutions against using a popular application from the AI company DeepSeek, saying that the program contains a number of security weaknesses that may expose user data.
The DeepSeek application, which shocked the stock market when it rose to the top of the Apple App Store in January, transmits unencrypted data over the internet and stores usernames, passwords and other credentials, according to an analysis by the security company NowSecure.
The weaknesses the company found affect the mobile application through which many users reach DeepSeek's AI models, not the models themselves, which can also be run locally on the user's device or through a separate hosting platform.
“Since mobile applications change rapidly and are an unintended attack surface, they pose a very real danger to companies and consumers.” “DeepSeek is prominent, but it is not unique.”
In its analysis of how the DeepSeek app behaves on real phones, NowSecure found that the iPhone version shipped with an important Apple-designed security feature disabled.
“The DeepSeek iOS app globally disables App Transport Security (ATS), which is an iOS platform-level protection that prevents sensitive data from being sent over unencrypted channels,” the analysts wrote. “Since this protection is disabled, the application can (and does) send unencrypted data over the internet.”
The lack of encryption exposes users to man-in-the-middle attacks, in which someone with control over the network the device is connected to can view or modify communications between the user and DeepSeek's servers.
NowSecure also found that in some cases the DeepSeek app was leaving behind cached sensitive information, including the username and password, in an unencrypted file on the device that could be read by an attacker who gains physical or remote access to the device.
Other identified weaknesses are more common among mobile applications. For example, the analysts determined that DeepSeek collects a variety of data about the network and the device the application runs on, which can be combined with other information and used by data brokers, or potentially by more malicious actors, to track and monitor a user.
The NowSecure report comes as many governments prohibit their employees from using DeepSeek because of security weaknesses and the fact that the company is based in China.
On Monday, New York Governor Kathy Hochul announced that state employees were barred from using DeepSeek models on their devices.
Congress is currently studying a bill that would implement a similar ban at the federal level. The governments of South Korea, Australia and Taiwan have already restricted access to DeepSeek models on official devices.