
DeepSeek’s iOS app is a security nightmare, and that’s before you consider its TikTok links – Source: go.theregister.com

Source: go.theregister.com – Author: Brandon Vigliarolo

Infosec In Brief DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app infosec platform vendor NowSecure.

The org has assessed the security of the iOS version of DeepSeek – the third most popular app on the App Store as of writing – and found it transmits data in plaintext, uses outdated ciphers, and relies on hardcoded encryption keys. Further, the app doesn’t store credentials securely, extensively fingerprints users, and sends data to China.

That latter point has been well established before, as DeepSeek admits right in its privacy policy that it sends user data to China.

NowSecure found that DeepSeek uses ByteDance’s Volcano Engine public cloud service, meaning the Chinese chatbot is now tangled up with TikTok’s owner.

Bad news if DeepSeek’s on your device, and even worse news if you’ve put it on a company-owned iPhone.

The privacy and national security concerns surrounding DeepSeek have quickly attracted attention from US lawmakers keen to promote US AI spending and keep Americans safe, which is why US representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) have teamed up to introduce the No DeepSeek on Government Devices Act.

While text of the bill isn’t yet available, the legislators said its provisions would live up to its name. The pair note that research has shown DeepSeek code “is directly linked to the Chinese Communist Party,” and is capable of relaying user information to China Mobile, a telecom firm owned by the Chinese government and sanctioned by the US.

To be on the safe side, you may as well just download a locally-run DeepSeek model that doesn’t transmit data – while you can, at least.

HPE warns staff of data breach

Hewlett Packard Enterprise last week advised staff that their personal information may have been lifted from a cloud email environment after a nation-state attack.

The enterprise tech giant sent staff a letter [PDF] warning them of the incident. The impact seems low, as the State of Massachusetts data breach notification report states that just ten employees are impacted.

HPE revealed an attack that sounds a lot like this one in January 2024, and named Russia’s notorious Cozy Bear crew as the responsible party.

Others have reported that the attack was directed at an Office 365 instance.

– Simon Sharwood

Critical vulnerabilities: You patched Outlook, right?

Almost a year ago Microsoft wished the world a happy Valentine’s Day by patching 73 security vulnerabilities, CVE-2024-21413 among them. Now that CVSS 9.8 remote code execution vulnerability in Microsoft Outlook has reared its head again, having been added to the list of known exploited vulnerabilities.

Elsewhere:

  • CVSS 9.8 – CVE-2024-45195: Apache OFBiz prior to 18.12.16 contains a direct request “forced browsing” vulnerability under active exploitation
  • CVSS 9.8 – CVE-2020-15069: A buffer overflow/RCE bug in Sophos XG Firewall versions up to 17.5 MR12 is under active exploitation.
  • CVSS 9.8 – CVE-2020-29574: Miscreants have also found fresh use for this four-year-old SQL injection vulnerability in the Cyberoam OS web admin portal, which is seeing new exploitation.
  • CVSS 9.8 – CVE-2018-19410: PRTG Network Monitor versions prior to 18.2.40.1683 allow unauthenticated attackers to create users with read/write privileges, and some are actively doing so.
  • CVSS 8.6 – CVE-2025-0994: Cityworks public asset management software is vulnerable to a deserialization attack that can allow RCE by an authenticated user with access to a client’s Microsoft IIS server. It’s under active exploitation, too.

Spanish police arrest suspected attacker who breached NATO, US Army

He might have been good – so good that he managed to “set up a complex technological network … through which he had managed to hide his tracks,” per Spanish police – but an alleged Spanish hacker with a penchant for hitting high-profile targets has been busted.

Spanish law enforcement caught the alleged attacker, who Spanish media reported is 18 years old and goes by “Natohub,” after spending a year tracking him following reports from a Madrid business association that found its files leaked online.

Natohub is alleged to have also targeted NATO, the United Nations, the US Army, and multiple government ministries in Spain.

The teenage suspect reportedly bragged about his prowess on dark web forums, while selling stolen data for cryptocurrency, an unspecified sum of which was recovered by law enforcement.

The suspect remains unidentified, per Spanish media.

IMI experiences ‘cyber incident’

UK engineering giant IMI plc admitted to “unauthorized access” of its systems last week.

The company has not detailed the incident, other than to say it “engaged external cyber security experts to investigate and contain the incident” and is taking necessary steps to comply with regulatory reporting requirements including reporting the matter to the London Stock Exchange.

IMI declined to comment to The Register beyond its initial statement. It’s not clear if data was stolen in the incident, whether ransomware was involved, or anything else, for that matter.

The attack makes IMI the second UK engineering giant to admit to a cyberattack after fellow firm Smiths Group copped to a similar breach of its systems at the end of January. As was the case with IMI, Smiths didn’t admit too much, only saying that the incident “involved unauthorized access to the company’s systems.”

Salesforce software being used in Facebook phishing campaign

Received an email from Facebook warning you of copyright infringement? Better double-check the sender, as Check Point said this week that it’s spotted a new wave of phishing emails that use a Salesforce email address.

The campaign, which Check Point believes began in December, has been mainly targeting businesses in the EU, US and Australia and is using an automated email service from Salesforce to send messages. Whoever runs the campaign hasn’t bothered to change the address it’s being sent from, so all messages originate from noreply@salesforce.com.

The messages themselves all look pretty suspicious and accuse users of sharing copyrighted material. Clicking on a button to appeal the report takes users to a landing page that harvests their Facebook credentials.
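As an added illustration (not code from The Register’s article or from Check Point’s report), here is a small Python check that encodes the pattern described above: a message whose display name, subject or body claims to be from Facebook while the From address belongs to another domain (noreply@salesforce.com in this campaign), with a call-to-action link that points somewhere other than Facebook. The list of legitimate Facebook sender domains and the three sample messages are assumptions constructed for this example.

```python
"""Added example, not code from The Register's article or Check Point's
report: a mail-filter style check for Facebook brand impersonation, i.e.
a message that claims to be from Facebook while its From: domain is
something else (noreply@salesforce.com in the campaign described) and
whose links lead off Facebook. The sender allowlist and the sample
messages below are constructed for this example."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: domains from which Facebook notifications
# legitimately originate. A real deployment would maintain its own list.
FACEBOOK_SENDER_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}
BRAND_PATTERN = re.compile(r"\bfacebook\b", re.IGNORECASE)
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def is_facebook_host(host):
    """True only for facebook.com itself or a subdomain of it."""
    return host == "facebook.com" or host.endswith(".facebook.com")


def text_body(msg):
    """Concatenate the decoded text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def flag_brand_impersonation(raw_message):
    """Return a list of reasons the message looks like Facebook impersonation.

    An empty list means the message either does not claim to be from
    Facebook at all, or is consistent with a genuine Facebook notification
    (allowlisted sender domain and links that stay on facebook.com).
    """
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    subject = msg.get("Subject", "")
    body = text_body(msg)

    claims_facebook = any(BRAND_PATTERN.search(text)
                          for text in (display_name, subject, body))
    if not claims_facebook:
        return []

    reasons = []
    domain = sender_domain(from_header)
    if domain not in FACEBOOK_SENDER_DOMAINS:
        reasons.append(f"claims Facebook but From domain is {domain or '<none>'}")
    for url in URL_PATTERN.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not is_facebook_host(host):
            reasons.append(f"call-to-action link points to non-Facebook host {host}")
    return reasons


# Constructed samples for this example (not real campaign messages).
PHISH_SAMPLE = "\n".join([
    'From: "Facebook" <noreply@salesforce.com>',
    "Subject: Copyright infringement report on your page",
    "",
    "Your page has shared copyrighted material. To appeal the report,",
    "visit https://appeal-review.example.net/facebook/case within 24 hours.",
])

LEGIT_SAMPLE = "\n".join([
    'From: "Facebook" <notification@facebookmail.com>',
    "Subject: You have a new message",
    "",
    "Read it at https://www.facebook.com/messages/",
])

UNRELATED_SAMPLE = "\n".join([
    'From: "Salesforce" <noreply@salesforce.com>',
    "Subject: Your weekly report is ready",
    "",
    "Open it at https://login.salesforce.com/",
])

if __name__ == "__main__":
    for name, sample in [("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE),
                         ("unrelated", UNRELATED_SAMPLE)]:
        print(name, flag_brand_impersonation(sample) or ["clean"])
```

The check deliberately says nothing about mail that never mentions Facebook, so a genuine Salesforce notification from the same noreply@salesforce.com address passes; the signal is the mismatch between the brand a message claims and the domain that actually sent it, plus where its links go.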

Don’t click and fall for this, people! Instead, check the name of the sender – if it’s not coming from Facebook, ignore it. ®

Original Post URL: https://go.theregister.com/feed/www.theregister.com/2025/02/10/infosec_in_brief/
