BrianKrebs on Nostr: You've probably read lots of stories about how the upstart Chinese AI chat company ...
You've probably read lots of stories about how the upstart Chinese AI chat company DeepSeek could be a security threat, but where's the beef? Well, the people at the mobile app security firm NowSecure have published a security and privacy analysis of the app's design and behavior, and it's not pretty. Here's the lede:
"New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks."
https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/
Published at 2025-02-06 21:47:26
Event JSON