Add 'Static Analysis of The DeepSeek Android App'

Marquis Laycock, 6 months ago, commit 63e9c76937
Static-Analysis-of-The-DeepSeek-Android-App.md (34 lines added)
I conducted a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The goal was to identify potential security and privacy problems.

I've blogged about DeepSeek previously here.

Additional security and privacy concerns about DeepSeek have been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek.

The findings detailed in this report are based purely on static analysis. This means that while the code exists within the app, there is no definitive evidence that all of it is executed in practice. Nonetheless, the presence of such code warrants scrutiny, particularly given the growing concerns around data privacy, security, the potential abuse of AI-driven applications, and cyber-espionage dynamics between international powers.
Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct data to external servers, raising concerns about user activity monitoring, for example to ByteDance "volce.com" endpoints. NowSecure identified these in the iPhone app yesterday too.
- Bespoke encryption and data obfuscation techniques are present, with indications that they could be used to exfiltrate user data.
- The app contains hard-coded public keys rather than relying on the user device's chain of trust. Pinning of this kind also prevents the device owner from inspecting the app's traffic with a locally trusted proxy.
- UI interaction tracking captures detailed user behavior without clear consent.
- WebView manipulation is present, which might enable the app to access private external browser data when links are opened. More details about WebView manipulation are here.
<br>[Device Fingerprinting](https://www.shoreexcursionsgroup.com) & Tracking<br>
<br>A [substantial](https://www.lamiereforate.info) part of the [examined code](http://franklinfinish.com) appears to [concentrate](https://luxurylovelife.com) on [event device-specific](http://duanlonglong.com) details, which can be utilized for [tracking](http://18658331666.com) and fingerprinting.<br>
<br>- The [app collects](http://olangodito.com) various [special device](http://orlandokannadasangha.org) identifiers, [including](https://olps.co.za) UDID, Android ID, IMEI, IMSI, and [provider details](https://scyzl.com).
- System properties, set up plans, and [root detection](https://git.owlhosting.cloud) [mechanisms](https://jobsspecialists.com) suggest potential anti-tampering [measures](https://padasukatv.com). E.g. probes for the [presence](https://moviesandmore.flixsterz.com) of Magisk, a tool that [personal privacy](https://innovator24.com) [supporters](http://adminshop.wqszkj.cn) and [security scientists](https://taxitransferlugano.ch) use to root their Android devices.
- [Geolocation](http://18658331666.com) and [network profiling](https://alonsomarquez.es) exist, showing potential [tracking](http://vvs5500.ru) [capabilities](https://www.modernit.com.au) and [allowing](https://propatentbl.com) or [disabling](http://www.dalfin.net) of [fingerprinting routines](https://lotusprayergoods.co.za) by region.
[- Hardcoded](https://rippleconcept.com) gadget [design lists](https://pricinglab.es) suggest the [application](https://www.ad2brand.in) might act differently [depending](https://geoter-ate.com) on the [identified hardware](http://demo.interdi-lab.com).
- [Multiple vendor-specific](https://starteruz.com) services are [utilized](https://grupocofarma.com) to draw out [extra device](https://www.intercultural.ro) [details](https://intercoton.org). E.g. if it can not figure out the gadget through [basic Android](https://apk.tw) SIM lookup (since [authorization](https://anthonydmgs.fr) was not granted), it tries [maker specific](https://ijvbschilderwerken.nl) [extensions](https://carstenesbensen.dk) to access the exact same [details](https://quierochance.com).<br>
Potential Malware-Like Behavior

While no definitive conclusions can be drawn without dynamic analysis, numerous observed behaviors align with known spyware and malware patterns:

- The app uses reflection and UI overlays, which could facilitate unauthorized screen capture or phishing attacks.
- SIM card details, identification numbers, and other device-specific information are aggregated for unknown purposes.
- The app implements country-based access restrictions and "risk-device" detection, suggesting possible surveillance mechanisms.
- The app implements calls to load Dex modules, where additional code is loaded at runtime from files with a .so extension.
- The .so files themselves in turn make additional calls to dlopen(), which can be used to load further .so files. This facility is not generally checked by Protect and other static analysis services.
- The .so files can be executed as native code, such as C++. The use of native code adds a layer of complexity to the analysis process and obscures the full extent of the app's capabilities. Moreover, native code can be leveraged to more easily escalate privileges, potentially exploiting vulnerabilities within the operating system or device hardware.
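The findings above (device identifiers, Magisk probes, Dex and .so loading, hardcoded endpoints) are exactly the kind of indicators a first static triage pass looks for in jadx or apktool output. The script below is an added example written for this report, not code from the original post or from the DeepSeek app. It assumes the usual unpacked-APK layout (`.java`/`.smali` sources plus `lib/<abi>/*.so`), matches Java, Kotlin and smali spellings of the relevant API calls, and extracts printable strings from native libraries to catch `dlopen()`/`dlsym()` references that a Java-only pass misses. All sample inputs and the `collector.example.invalid` host are constructed.

```python
"""Indicator triage over decompiled Android sources (added example, constructed samples)."""
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Category -> regexes matched per source line, covering Java/Kotlin and smali spellings.
INDICATORS = {
    "device_identifiers": [
        r"\bgetImei\b", r"\bgetDeviceId\b", r"\bgetSubscriberId\b",
        r"\bgetSimSerialNumber\b", r"\bgetSimOperator\b", r"\bANDROID_ID\b",
    ],
    "root_detection": [r"/sbin/\.magisk", r"\bmagisk\b", r"/(?:s|x)?bin/su\b", r"\btest-keys\b"],
    "dynamic_code_loading": [
        r"\bDexClassLoader\b", r"\bInMemoryDexClassLoader\b",
        r"System(?:\.|;->)load(?:Library)?\(", r"\bdlopen\b",
    ],
}
COMPILED = {cat: [re.compile(p, re.I) for p in pats] for cat, pats in INDICATORS.items()}
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?:/[^\s\"']*)?")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs, like strings(1)
SOURCE_SUFFIXES = {".java", ".kt", ".smali", ".xml"}


def scan_text(text, origin):
    """Return {category: [(origin, line_no, snippet)]} for one decompiled source file."""
    hits = defaultdict(list)
    for n, line in enumerate(text.splitlines(), 1):
        for cat, pats in COMPILED.items():
            if any(p.search(line) for p in pats):
                hits[cat].append((origin, n, line.strip()))
        for url in URL_RE.findall(line):
            hits["hardcoded_urls"].append((origin, n, url))
    return hits


def scan_native(blob, origin):
    """Flag loader symbols and embedded .so names among a native library's strings."""
    hits = defaultdict(list)
    for m in ASCII_RUN.finditer(blob):
        s = m.group().decode("ascii")
        if re.search(r"\bdl(?:open|sym)\b", s):
            hits["dynamic_code_loading"].append((origin, 0, s))
        if s.endswith(".so"):
            hits["bundled_libraries"].append((origin, 0, s))
    return hits


def scan_tree(root):
    """Walk an unpacked APK directory and merge per-file hits."""
    merged = defaultdict(list)
    for path in sorted(Path(root).rglob("*")):
        if path.suffix in SOURCE_SUFFIXES:
            part = scan_text(path.read_text(errors="replace"), str(path))
        elif path.suffix == ".so":
            part = scan_native(path.read_bytes(), str(path))
        else:
            continue
        for cat, items in part.items():
            merged[cat].extend(items)
    return merged


def domains(hits):
    """Distinct hosts behind hardcoded URLs, for comparison against a tracker list."""
    return sorted({u.split("//", 1)[1].split("/", 1)[0] for _, _, u in hits.get("hardcoded_urls", [])})


def summarize(hits):
    return {cat: len(items) for cat, items in sorted(hits.items())}


# Constructed samples standing in for jadx/apktool output; not taken from any real app.
SAMPLE_JAVA = """
public class DeviceInfo {
    private static final String REPORT_URL = "https://collector.example.invalid/v1/device";
    String fingerprint(TelephonyManager tm, ContentResolver cr) {
        String imei = tm.getImei();
        String imsi = tm.getSubscriberId();
        return Settings.Secure.getString(cr, Settings.Secure.ANDROID_ID) + imei + imsi;
    }
    boolean looksRooted() {
        return new File("/sbin/.magisk").exists() || Build.TAGS.contains("test-keys");
    }
    void loadSecondStage(Context ctx, File dex) {
        new DexClassLoader(dex.getPath(), ctx.getCodeCacheDir().getPath(), null, ctx.getClassLoader());
    }
}
"""
SAMPLE_SMALI = 'const-string v0, "nativebridge"\ninvoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V\n'
SAMPLE_SO = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"dlopen\x00dlsym\x00libstage2.so\x00Java_com_example_Native_init\x00"


def demo_tree():
    """Lay the samples out like an unpacked APK in a temp dir, scan it, return the summary."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sources").mkdir()
        (root / "sources" / "DeviceInfo.java").write_text(SAMPLE_JAVA)
        (root / "smali").mkdir()
        (root / "smali" / "Loader.smali").write_text(SAMPLE_SMALI)
        (root / "lib" / "arm64-v8a").mkdir(parents=True)
        (root / "lib" / "arm64-v8a" / "libnative.so").write_bytes(SAMPLE_SO)
        return summarize(scan_tree(root))


if __name__ == "__main__":
    print(demo_tree())
```

A hit in any category is a lead, not a verdict: legitimate analytics, crash reporting and anti-fraud code match the same regexes, which is why the report stresses that static presence of this code is not evidence it runs. The useful next steps are to confirm each hit's call site is reachable, compare `domains()` output against a known tracker list, and, for the `.so` findings, resolve what the `dlopen()` targets are under dynamic analysis.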
Remarks

While data collection is common in modern applications for debugging and improving user experience, aggressive fingerprinting raises substantial privacy concerns. The DeepSeek app requires users to log in with a valid email, which should already provide sufficient authentication. There is no legitimate reason for the app to aggressively collect and transmit unique device identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.

The extent of tracking observed here exceeds typical analytics practices, potentially enabling persistent user tracking and re-identification across devices. These behaviors, combined with obfuscation techniques and network communication with third-party tracking services, warrant a higher level of scrutiny from security researchers and users alike.

The use of runtime code loading together with the bundling of native code suggests that the app could enable the deployment and execution of unreviewed, remotely delivered code. This is a serious potential attack vector. No evidence in this report exists that remotely deployed code execution is being done, only that the facility for it appears present.

Additionally, the app's approach to detecting rooted devices appears excessive for an AI chatbot. Root detection is frequently warranted in DRM-protected streaming services, where security and content protection are essential, or in competitive video games to prevent cheating. However, there is no clear rationale for such stringent measures in an application of this nature, raising further concerns about its intent.

Users and organizations considering installing DeepSeek should be aware of these potential risks. If this application is being used within a corporate or government environment, additional vetting and security controls should be enforced before allowing its deployment on managed devices.

Disclaimer: The analysis presented in this report is based on static code review and does not imply that all discovered functions are actively used. Further investigation is required to reach definitive conclusions.