Security Experts Weigh In on DeepSeek’s Data Security Concerns
Experts Slam DeepSeek’s Use of Unencrypted HTTP Endpoints
According to a recent report, popular social media app DeepSeek has been found to be using unencrypted HTTP endpoints, allowing sensitive data to be transmitted without encryption. This has raised concerns among security experts, who are warning that this could pose a significant risk to national security.
"Bad Idea" Says Thomas Reed
Thomas Reed, staff product manager for Mac endpoint detection and response at security firm Huntress, and an expert in iOS security, has expressed his concerns about DeepSeek’s use of unencrypted HTTP endpoints. "ATS being disabled is generally a bad idea," he wrote in an online interview. "That essentially allows the app to communicate via insecure protocols, like HTTP. Apple does allow it, and I’m sure other apps probably do it, but they shouldn’t. There’s no good reason for this in this day and age."
Even with Encryption, Security Experts Unwilling to Trust DeepSeek
Reed also emphasized that even if the app were to secure its communications, he would still be unwilling to send sensitive data to a server that the government of China could access. "Even if they were to secure the communications, I’d still be extremely unwilling to send any remotely sensitive data that will end up on a server that the government of China could get access to," he said.
Others Less Concerned about Chinese Companies’ Access to Data
HD Moore, founder and CEO of runZero, took a different view, expressing less concern about ByteDance or other Chinese companies having access to data. "The unencrypted HTTP endpoints are inexcusable," he wrote. "You would expect the mobile app and their framework partners (ByteDance, Volcengine, etc) to hoover device data, just like anything else—but the HTTP endpoints expose data to anyone in the network path, not just the vendor and their partners."
Government Reactions
On Thursday, US lawmakers began pushing to immediately ban DeepSeek from all government devices, citing national security concerns that the Chinese Communist Party may have built a backdoor into the service to access Americans’ sensitive private data. If passed, DeepSeek could be banned within 60 days.
Conclusion
The use of unencrypted HTTP endpoints by DeepSeek has sparked a heated debate among security experts, with some expressing concern about the potential risks to national security. As the debate continues, it is clear that the security of user data is a top priority.
FAQs
Q: What are unencrypted HTTP endpoints?
A: Unencrypted HTTP endpoints are servers that an app communicates with over plain HTTP rather than an encrypted protocol, so data, including sensitive data, is transmitted without encryption.
Q: Why is this a security risk?
A: Unencrypted data can be intercepted and accessed by anyone in the network path, including malicious actors and governments.
Q: Is this a common practice among apps?
A: No, using unencrypted HTTP endpoints is not a common practice among reputable apps. Many apps use encryption to protect user data.
Q: What is being done to address these concerns?
A: US lawmakers are pushing to ban DeepSeek from all government devices, citing national security concerns. The app’s developers have not commented on the issue.