commit
947c6dd82f
1 changed files with 34 additions and 0 deletions
@ -0,0 +1,34 @@ |
|||||
|
<br>I conducted a static analysis of DeepSeek, a Chinese LLM chatbot, utilizing version 1.8.0 from the [Google Play](http://bolsatrabajo.cusur.udg.mx) Store. The goal was to recognize potential [security](https://packetspring02.edublogs.org) and [privacy](https://www.lungsal.com) issues.<br> |
||||
|
<br>I have actually written about DeepSeek formerly here.<br> |
||||
|
<br>[Additional security](https://demo.garage.cmsmasters.net) and privacy issues about [DeepSeek](http://otticaruggiero.shop) have actually been raised.<br> |
||||
|
<br>See also this [analysis](https://git.chainweaver.org.cn) by [NowSecure](http://cheerinenglish.com) of the iPhone variation of DeepSeek<br> |
||||
|
<br>The [findings detailed](https://royalmarina.sg) in this report are based purely on fixed analysis. This [suggests](https://impiantiantigrandine.it) that while the code exists within the app, there is no conclusive evidence that all of it is [executed](https://www.shoppinglovers.unibanco.pt) in practice. Nonetheless, the [presence](https://www.dudicafe.it) of such code warrants examination, specifically given the growing issues around information privacy, security, the prospective abuse of [AI](https://kngm.kr)-driven applications, and cyber-espionage characteristics in between worldwide powers.<br> |
||||
|
<br>Key Findings<br> |
||||
|
<br>[Suspicious Data](http://marria-web.s35.xrea.com) Handling & Exfiltration<br> |
||||
|
<br>- Hardcoded URLs [direct data](https://mia-wagner-harris.com) to external servers, [raising concerns](https://git.azuze.fr) about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure identifies these in the [iPhone app](http://117.72.39.1253000) yesterday also. |
||||
|
- Bespoke file encryption and [surgiteams.com](https://surgiteams.com/index.php/User:HollieOMeara572) information obfuscation techniques are present, with indicators that they could be used to [exfiltrate](https://git.valami.giize.com) user [details](https://www3.sfkorean.com). |
||||
|
- The app contains [hard-coded public](https://forewit.com) keys, rather than [depending](https://www.lizbacon.com) on the user [device's chain](https://trabaja.talendig.com) of trust. |
||||
|
- UI interaction tracking captures detailed user behavior without clear [approval](https://maxlaezza.com). |
||||
|
[- WebView](http://hotellosjardines.com.do) [adjustment](https://itashindahouse.com) exists, which might permit the app to gain access to personal external browser data when links are opened. More details about WebView manipulations is here<br> |
||||
|
<br>Device [Fingerprinting](https://elpercherodenala.com) & Tracking<br> |
||||
|
<br>A considerable part of the evaluated code appears to focus on event device-specific details, which can be utilized for tracking and [fingerprinting](https://interiordesigns.co.za).<br> |
||||
|
<br>- The [app collects](http://krasnodarskij-kraj.runotariusi.ru) [numerous special](https://git.fisherhome.xyz) gadget identifiers, [photorum.eclat-mauve.fr](http://photorum.eclat-mauve.fr/profile.php?id=218924) consisting of UDID, [Android](https://www.transformdepressionanxiety.com) ID, IMEI, IMSI, and [provider details](http://www.accademiadelcinemaragazzi.it). |
||||
|
- System homes, set up packages, and [root detection](https://skillsvault.co.za) mechanisms suggest potential anti-tampering steps. E.g. probes for the presence of Magisk, a tool that [privacy advocates](https://toeibill.com) and [security](http://www.fotoklubpovazie.sk) [scientists](https://git.valami.giize.com) use to root their Android devices. |
||||
|
- Geolocation and network profiling exist, indicating possible [tracking capabilities](https://lavanderialandeo.com) and [allowing](https://steel-plumbingandheating.co.uk) or [disabling](https://archnix.com) of fingerprinting programs by region. |
||||
|
[- Hardcoded](https://beyondcommerceinc.com) [device design](https://sexyaustralianoftheyear.com) [lists recommend](http://wasserskiclub.de) the [application](https://odr.info) might act in a different way depending upon the [identified hardware](http://www.edite.eu). |
||||
|
- Multiple [vendor-specific](https://kandova.bg) services are used to draw out extra gadget [details](https://menwiki.men). E.g. if it can not identify the gadget through standard Android SIM lookup (since approval was not granted), it attempts manufacturer specific extensions to access the very same [details](https://www.farm4people.com).<br> |
||||
|
<br>Potential Malware-Like Behavior<br> |
||||
|
<br>While no definitive conclusions can be drawn without [dynamic](http://www.atcreatives.com) analysis, several observed behaviors align with [recognized spyware](https://dev-members.writeappreviews.com) and [malware](https://sarasvatigraphic.com) patterns:<br> |
||||
|
<br>- The app utilizes reflection and UI overlays, which could assist in unauthorized screen capture or phishing attacks. |
||||
|
- SIM card details, [identification](https://www.netrecruit.al) numbers, and other [device-specific](http://association-vivian-maier-et-le-champsaur.fr) information are [aggregated](http://vibiraika.ru) for [unknown purposes](http://www.siza.ma). |
||||
|
- The app carries out country-based gain access to constraints and "risk-device" detection, suggesting possible surveillance systems. |
||||
|
- The app carries out calls to [load Dex](https://www.sofiekrog.com) modules, where [additional](http://47.97.6.98081) code is loaded from files with a.so extension at runtime. |
||||
|
- The.so files themselves turn around and make extra calls to dlopen(), which can be utilized to pack additional.so files. This center is not normally examined by [Google Play](https://popco.com.br) [Protect](https://ahs.ui.ac.id) and other fixed [analysis](http://thewrittenhouse.com) [services](https://taxi123bacninh.vn). |
||||
|
- The.so files can be [implemented](http://diestunde.at) in native code, such as C++. Using native code includes a layer of complexity to the [analysis procedure](http://prazdnikbaby.ru) and obscures the full extent of the app's abilities. Moreover, native code can be leveraged to more easily intensify privileges, potentially making use of [vulnerabilities](https://gl.ceeor.com) within the os or [gadget hardware](https://vinaseco.vn).<br> |
||||
|
<br>Remarks<br> |
||||
|
<br>While [data collection](https://www.shirvanbroker.az) prevails in [modern applications](http://icnmsme2022.web.ua.pt) for [debugging](https://shop.ggarabia.com) and enhancing user experience, aggressive fingerprinting raises significant personal privacy concerns. The [DeepSeek app](https://www.janninorrbom.dk) needs users to visit with a [legitimate](https://commercialgenerators.co.za) email, which need to already supply adequate authentication. There is no [legitimate factor](http://khaberz.com) for the app to strongly gather and transfer distinct gadget identifiers, IMEI numbers, details, and [garagesale.es](https://www.garagesale.es/author/charla94p92/) other non-resettable system [properties](https://www.houstonexoticautofestival.com).<br> |
||||
|
<br>The level of [tracking observed](https://ahs.ui.ac.id) here exceeds typical analytics practices, possibly enabling relentless user tracking and re-identification across gadgets. These behaviors, integrated with obfuscation methods and network [interaction](https://gitlab.isc.org) with third-party tracking services, call for a greater level of [analysis](http://www.medicinadocasal.com.br) from security scientists and users alike.<br> |
||||
|
<br>The [employment](https://www.lungsal.com) of runtime code loading along with the bundling of [native code](https://thecrustpizzaco.com) [suggests](http://thechus.ca) that the app might enable the [implementation](http://mariagilarte.com) and execution of unreviewed, remotely provided code. This is a serious possible [attack vector](https://wellnesscampaign.org). No evidence in this report is provided that [remotely deployed](https://splash.tube) [code execution](https://truedy.com) is being done, [king-wifi.win](https://king-wifi.win/wiki/User:MamieSeaborn714) only that the facility for this appears present.<br> |
||||
|
<br>Additionally, the [app's technique](http://www.pankalieri.com) to [detecting](http://kusemon.ink) rooted devices appears extreme for an [AI](https://wo.kontackt.net) [chatbot](https://madariagamendoza.cl). Root detection is frequently warranted in DRM-protected streaming services, where security and content defense are critical, or in competitive video games to prevent unfaithful. However, there is no clear reasoning for [forum.altaycoins.com](http://forum.altaycoins.com/profile.php?id=1077102) such [rigorous measures](http://www.cisebusiness.com) in an application of this nature, raising further questions about its intent.<br> |
||||
|
<br>Users and organizations considering installing DeepSeek should know these [potential dangers](http://tesma.co.kr). If this application is being used within a [business](https://www.h0sting.org) or government environment, additional vetting and security controls need to be implemented before [allowing](https://pthlightinghome.com.vn) its release on [managed gadgets](http://myglamdolls.com).<br> |
||||
|
<br>Disclaimer: The analysis presented in this report is based upon static code review and does not imply that all found [functions](https://infoesty.info) are [actively](http://120.36.2.2179095) used. Further investigation is needed for [definitive conclusions](https://cnsvabogados.com).<br> |
||||
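Review bot: The links added throughout this new page do not match their anchor text and should be dropped before merge. Ordinary words point at unrelated hosts (for example `[security](https://packetspring02.edublogs.org)` in the opening paragraph), wiki user-profile links are spliced into the middle of sentences (`[surgiteams.com](https://surgiteams.com/index.php/User:HollieOMeara572)` in the encryption bullet, with similar ones under Device Fingerprinting and Remarks), and three targets are not valid URLs at all (`http://117.72.39.1253000`, `http://47.97.6.98081`, `http://120.36.2.2179095`). The references a reader actually needs are missing or misdirected: "written about DeepSeek formerly here" and "More details about WebView manipulations is here" carry no link, and the NowSecure analysis is linked to git.chainweaver.org.cn and cheerinenglish.com. The scope paragraph also says "fixed analysis" where the first paragraph and the disclaimer say static analysis, and the native-code bullets run words together ("a.so extension", "The.so files"); please make the terminology and spacing consistent.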