Security Alert: DeepSeek iOS App Poses Major Privacy Risks

Cybersecurity researchers at NowSecure have issued a stark warning about the iOS version of DeepSeek, currently the third most popular app on the App Store. Their analysis reveals serious security flaws that make the app a major privacy risk, and users should delete it immediately.

According to NowSecure’s findings, DeepSeek:

  • Transmits data in plaintext, making it vulnerable to interception.
  • Uses outdated encryption ciphers and hardcoded keys, weakening security.
  • Fails to securely store credentials, exposing user data.
  • Extensively fingerprints users for tracking purposes.
  • Sends data to China, as confirmed by DeepSeek’s own privacy policy.

Additionally, DeepSeek relies on ByteDance’s Volcano Engine, tying it to TikTok’s parent company, further raising privacy and regulatory concerns.

For personal devices, this poses a significant security risk. For company-owned iPhones, the risks are even greater, especially regarding data privacy and compliance.


US Regulators Take Action

DeepSeek’s security risks have drawn scrutiny from U.S. lawmakers concerned about national security and data privacy. Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) have introduced the No DeepSeek on Government Devices Act, seeking to ban the app from government-issued phones.

While the full text of the bill is not yet available, legislators cite research indicating that DeepSeek’s code is “directly linked to the Chinese Communist Party” and capable of transmitting user data to China Mobile, a Chinese state-owned telecom firm sanctioned by the U.S.

For those concerned about data security, the safest approach is to remove DeepSeek from your device and, if necessary, switch to a locally run model that does not transmit data externally.


HPE Warns Employees of Data Breach

Meanwhile, Hewlett Packard Enterprise (HPE) has notified employees of a nation-state attack that may have compromised personal data.

In a letter sent to staff, HPE disclosed that an unauthorized party accessed its cloud email environment, potentially exposing employee information. While the impact appears limited—only ten employees were affected, according to Massachusetts’ data breach report—the breach raises concerns about targeted cyberattacks on enterprise tech firms.

HPE had previously disclosed a similar attack in January 2024, attributing it to Russia’s Cozy Bear hacking group, which is known for infiltrating high-profile networks. Reports suggest this latest breach also targeted Microsoft Office 365 accounts, highlighting ongoing threats to corporate cloud environments.

Takeaway

From DeepSeek’s security risks to HPE’s cyberattack, these incidents underscore the importance of data privacy, secure app usage, and robust enterprise security measures. Whether for personal or corporate security, staying informed and taking proactive steps is critical in today’s evolving digital landscape.
