1 changed files with 34 additions and 0 deletions
@ -0,0 +1,34 @@ |
|||
<br>I performed a static analysis of DeepSeek, a Chinese LLM chatbot, [utilizing variation](http://www.kadincaforum.net) 1.8.0 from the [Google Play](https://www.pianaprofili.it) Store. The goal was to [identify potential](https://iprs.org) security and personal privacy [concerns](http://almuayyad.org).<br> |
|||
<br>I have actually written about [DeepSeek](https://chaakri.com) previously here.<br> |
|||
<br>Additional security and [privacy](https://professoraadrianademoraes.com.br) issues about [DeepSeek](https://www.knls.ac.ke) have actually been raised.<br> |
|||
<br>See also this [analysis](https://goyashiki.co.jp) by [NowSecure](https://lpzsurvival.com) of the [iPhone variation](http://www.xn--80agdtqbchdq6j.xn--p1ai) of DeepSeek<br> |
|||
<br>The [findings detailed](http://ex.pa.ndh.ah.mBrewcitymusic.com) in this report are [based simply](https://gitea.codedbycaleb.com) on static analysis. This [implies](https://industrialismfilms.com) that while the [code exists](https://pampoenfontein.co.za) within the app, there is no [definitive evidence](http://grehsaheli.com) that all of it is performed in [practice](https://imoodle.win). Nonetheless, the presence of such [code warrants](http://www.andreagorini.it) scrutiny, especially [offered](https://git.electrosoft.hr) the [growing concerns](http://ns1.vird.ru) around [data personal](http://www.graficheferrara.com) privacy, surveillance, the [potential abuse](http://renri.net) of [AI](https://gitlab-mirror.scale.sc)-driven applications, and [cyber-espionage characteristics](https://shop.hovala.co.il) in between [worldwide powers](https://www.bignazzi.it).<br> |
|||
<br>Key Findings<br> |
|||
<br>Suspicious Data [Handling](https://andyfreund.de) & Exfiltration<br> |
|||
<br>[- Hardcoded](https://www.foie-gras-fermier-gers.fr) [URLs direct](http://noras-books.com) data to [external](https://organicdevelopers.net) servers, raising concerns about user activity tracking, such as to [ByteDance](https://metallic-nso.ru) "volce.com" [endpoints](https://103.1.12.176). [NowSecure determines](http://smpt.hu) these in the [iPhone app](http://www.oksiding.co.kr) yesterday also. |
|||
[- Bespoke](https://daratlaut.sekolahtetum.org) file [encryption](https://www.genialspanish.com.ar) and [data obfuscation](https://caribabare.gov.co) [methods](https://tarakliziraatodasi.com) are present, with [indicators](http://blog.alternate-energy.net) that they could be to [exfiltrate](http://vadian.net) user [details](https://kpi-eg.ru). |
|||
- The app contains [hard-coded public](https://kollusionfitnessproducts.com) secrets, rather than [relying](https://mediaid.dk) on the user [device's chain](https://presspack.gr) of trust. |
|||
- UI [interaction](http://www.etsa-env.fr) [tracking captures](http://www.kadincaforum.net) [detailed](https://naolearn.com) user habits without clear [authorization](https://www.gapaero.com). |
|||
[- WebView](http://blockshuette.de) [manipulation](http://fredriksborg.bybe.no) is present, which could enable the app to gain access to [personal external](https://www.arnhemsgebedshuis.nl) [internet browser](https://oltencc.ch) data when links are opened. More [details](http://www.graficheferrara.com) about [WebView controls](http://www.ieltsbygurleen.com) is here<br> |
|||
<br>Device Fingerprinting & Tracking<br> |
|||
<br>A significant [portion](https://scriptureunion.pk) of the [analyzed code](https://atko.ee) [appears](https://d-tab.com) to [concentrate](https://construpisoshn.com) on event [device-specific](https://livingspringfoundation.com.hk) details, which can be [utilized](http://kukuri.nikeya.com) for [tracking](https://103.1.12.176) and [fingerprinting](https://proxicloud.ch).<br> |
|||
<br>- The [app collects](http://biblbel.ru) different unique gadget identifiers, [including](https://www.dailysalar.com) UDID, Android ID, IMEI, IMSI, and [provider details](https://zsl.waw.pl). |
|||
- System properties, set up packages, and [root detection](https://tarakliziraatodasi.com) [systems recommend](http://potenzmittelcheck.de) possible [anti-tampering measures](http://hotissuemedical.com). E.g. probes for the presence of Magisk, a tool that personal privacy [advocates](http://swimboxelder.com) and [security researchers](https://xn--bb0bt31bm9e.com) utilize to root their [Android devices](https://www.fluencycheck.com). |
|||
- Geolocation and [network](http://www.hakyoun.co.kr) profiling are present, showing [prospective](http://rlacustomhomes.com) [tracking abilities](https://click.linkprice.com) and [wiki.snooze-hotelsoftware.de](https://wiki.snooze-hotelsoftware.de/index.php?title=Benutzer:Princess3594) making it possible for or [disabling](https://codecraftdb.eu) of [fingerprinting regimes](http://wiki.die-karte-bitte.de) by region. |
|||
[- Hardcoded](https://anglia.theppcpeople.co.uk) [gadget design](https://b52cum.com) lists [recommend](https://balotuithethao.com) the [application](https://git.kansk-tc.ru) may behave differently depending on the [identified hardware](https://www.silagic.fr). |
|||
- [Multiple vendor-specific](http://1.15.150.903000) [services](https://www.arctichydro.is) are used to [extract extra](https://sanliismakinalari.com) device [details](http://domstekla.com.ua). E.g. if it can not figure out the device through [basic Android](https://satyoptimum.com) SIM lookup (because approval was not approved), it [attempts maker](https://mykonospsarouplace.gr) particular [extensions](https://www.ilrestonoccioline.eu) to access the exact same [details](https://www.mycelebritylife.co.uk).<br> |
|||
<br>[Potential Malware-Like](https://cer-formations-lannion.fr) Behavior<br> |
|||
<br>While no [conclusive conclusions](https://lilinavitas.com) can be drawn without [vibrant](http://sada-color.maki3.net) analysis, [honkaistarrail.wiki](https://www.honkaistarrail.wiki/index.php?title=User:ThorstenKingston) a number of [observed habits](https://git.adminkin.pro) align with [recognized spyware](http://140.114.135.538081) and [malware](https://www.fluencycheck.com) patterns:<br> |
|||
<br>- The app uses [reflection](https://sinpolma.org.br) and UI overlays, [shiapedia.1god.org](https://shiapedia.1god.org/index.php/User:LillieRidley731) which could assist in [unapproved screen](http://midlandtrophies.myinny.red) [capture](https://www.kukonomi.net) or [phishing attacks](https://josephinewiggs.com). |
|||
- [SIM card](http://www.jibril-aries.com) details, serial numbers, and other [device-specific](https://alaskanoahsark.com) information are [aggregated](https://oceanpledge.org) for [unknown purposes](https://www.kukonomi.net). |
|||
- The [app executes](https://www.almancaisilanlari.com) [country-based gain](https://kotle.eu) access to [constraints](https://www.josedonatzfotografie.nl) and "risk-device" detection, [suggesting](https://pro-saiding.ru) possible [monitoring mechanisms](http://kunstamedersee.de). |
|||
- The [app carries](https://www.corneliusphotographyartworks.com) out calls to [load Dex](https://urodziny.szczecin.pl) modules, where [extra code](http://ashraegoldcoast.com) is loaded from files with a.so [extension](https://nerdsmaster.com) at [runtime](https://14577091mediaphotography.blogs.lincoln.ac.uk). |
|||
- The.so submits themselves [reverse](https://oltencc.ch) and make [extra calls](http://www.minsigner.com) to dlopen(), which can be [utilized](http://img.trvcdn.net) to fill [additional](https://jobz1.live).so files. This facility is not generally inspected by [Google Play](http://optopolis.pl) Protect and other [fixed analysis](https://git.pm-gbr.de) [services](https://twinplaza.ru). |
|||
- The.so files can be implemented in native code, such as C++. The use of [native code](https://git.pm-gbr.de) includes a layer of complexity to the analysis process and [obscures](http://www.die-sticknadel.de) the complete degree of the app's capabilities. Moreover, [native code](https://emtc.od.ua) can be leveraged to more quickly [intensify](http://test.wefanbot.com3000) opportunities, [championsleage.review](https://championsleage.review/wiki/User:NilaFwv7561686) potentially making use of vulnerabilities within the [operating](http://noras-books.com) system or [device hardware](https://palmer-electrical.com).<br> |
|||
<br>Remarks<br> |
|||
<br>While data collection prevails in [contemporary applications](http://kukuri.nikeya.com) for debugging and [improving](http://www.connectingonline.com.ar) user experience, [aggressive fingerprinting](https://code.agileum.com) raises [substantial personal](https://larsakeaberg.se) [privacy concerns](https://git.todayisyou.co.kr). The [DeepSeek](https://www.etymologiewebsite.nl) app requires users to log in with a valid email, which ought to currently [supply sufficient](https://www.studiodentisticodonzelli.com) [authentication](https://nerdsmaster.com). There is no [valid reason](https://gitea.qi0527.com) for the app to [aggressively collect](https://quiltsbygramcracker.com) and [transfer](https://www.crearecasamilano.it) [distinct gadget](https://urbanmarkethub.com) identifiers, IMEI numbers, [SIM card](https://planetdump.com) details, and other [non-resettable](https://calima.shoes) system [residential](https://mixclassified.com) or [commercial properties](https://kotle.eu).<br> |
|||
<br>The extent of [tracking observed](https://rubius-qa-course.northeurope.cloudapp.azure.com) here [surpasses](http://milanorossonera.it) normal analytics practices, potentially making it possible for [consistent](http://pesligan.beatlock.info) user [tracking](https://lattefood.com) and re-identification across [devices](https://muditamusic.nl). These behaviors, combined with obfuscation methods and network communication with third-party tracking services, [require](https://xn--lnium-mra.com) a higher level of scrutiny from [security scientists](https://home.zhupei.me3000) and users alike.<br> |
|||
<br>The employment of runtime code [loading](http://lerelaismesvrien.fr) as well as the bundling of [native code](https://zentechspl.com) [suggests](https://members.tripod.com) that the app could permit the [implementation](https://whiteangeljo.com) and [execution](https://www.aaronkeysassociates.com) of unreviewed, from another [location delivered](https://semtleware.com) code. This is a [severe prospective](https://www.casalecollinedolci.eu) [attack vector](https://galicjamanufaktura.pl). No [evidence](https://lkcareers.wisdomlanka.com) in this report is presented that from another [location released](http://www.jibril-aries.com) [code execution](https://www.easy-online.at) is being done, only that the center for this [appears](https://oninabresources.com) present.<br> |
|||
<br>Additionally, the [app's technique](https://billybakerproducer.com) to spotting rooted [devices](https://mdpalletindocileungsi.com) [appears](http://8.140.205.1543000) excessive for an [AI](https://cimdblist.com) chatbot. Root detection is [frequently](http://8.140.205.1543000) [warranted](https://novasdodia.com.br) in DRM-protected streaming services, where security and [material protection](https://www.primoconsumo.it) are vital, or in competitive video games to [prevent unfaithful](http://kwaliteitopmaat.org). However, there is no clear [reasoning](http://www.joserodriguez.info) for such rigorous [measures](https://francoscalenghe.com) in an [application](http://kgsworringen.de) of this nature, [raising additional](http://www.zingtec.com) [concerns](http://heartcreateshome.com) about its intent.<br> |
|||
<br>Users and [companies](https://www.podology.info) considering [setting](https://www.podology.info) up DeepSeek must know these [potential risks](http://leagues.chanticlair.com). If this [application](https://lar.ac.ir) is being [utilized](https://iimagineindia.org) within a business or government environment, [additional vetting](https://gajaphil.com) and [security controls](https://digitalimpactoutdoor.com) need to be [implemented](https://wikishire.co.uk) before [enabling](https://inway-pro.com) its [implementation](http://kgsworringen.de) on [handled devices](https://cvguru.co.za).<br> |
|||
<br>Disclaimer: The [analysis](https://www.tarocchigratis.info) presented in this report is based upon fixed code [evaluation](http://jobpanda.co.uk) and does not imply that all identified functions are actively utilized. Further [examination](https://conf.zu.edu.jo) is required for [conclusive conclusions](https://cybersecurity.illinois.edu).<br> |
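Review bot: almost every phrase in the added file is wrapped in a hyperlink to a domain that has nothing to do with its anchor text, so none of the report's references can be followed to a source. In the first paragraph "Google Play" links to pianaprofili.it, and in the "See also" line "NowSecure" links to lpzsurvival.com. Strip these links, or replace each one with the page it is meant to cite, before this is merged. Several technical terms also read as word substitutions that blur the findings. The text says "fixed analysis" and "vibrant analysis" where the opening sentence says "static analysis", "variation 1.8.0" where a version number is meant, "hard-coded public secrets" in the data-handling list, and "The.so submits themselves reverse" in the dlopen() bullet. The disclaimer and the "Potential Malware-Like Behavior" caveat both rest on the static versus dynamic distinction, so that wording should be made consistent throughout the file.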