Researchers Connect DeepSeek's Popular Chatbot to China Mobile's US Ban

A recent investigation has found potential security issues related to the website of DeepSeek, a Chinese artificial intelligence company whose chatbot has surged in popularity, becoming the most downloaded app in the United States.

Security researchers have discovered that the web login page for DeepSeek's chatbot contains complex computer code that could transmit certain user login credentials to China Mobile, a Chinese state-owned telecommunications firm that has been banned from operating in the United States.

This obfuscated code appears during the account creation and user login process for DeepSeek, suggesting a direct link to this banned company. DeepSeek has acknowledged in its privacy policy that it stores data on servers located within the People's Republic of China, but the recent findings indicate a more substantial connection between DeepSeek and the Chinese state than previously understood.

The U.S. government has raised concerns regarding the connections between China Mobile and the Chinese military, which were key reasons for the sanctions placed on the firm. Both DeepSeek and China Mobile did not respond to inquiries for comment from researchers.

The rise of Chinese technology services has become a focal point for U.S. national security debates. Last year, Congress voted with overwhelming bipartisan support to push for the Chinese ownership of TikTok to either sell its operations or face a nationwide ban, although TikTok has since been granted a temporary reprieve from the administration.

Feroot Security, a Canadian cybersecurity firm, was the first to identify the code linking DeepSeek to China Mobile and shared their discovery with major news outlets. Subsequent investigations by other cybersecurity experts confirmed the presence of this code, although they did not detect any actual data being sent to China Mobile during their tests in North America. Nevertheless, they could not completely eliminate the possibility that some user data was indeed being transmitted.

This analysis only pertains to DeepSeek's web platform and not the mobile application, which remains widely popular on platforms like Apple and Google.

The U.S. Federal Communications Commission (FCC) unanimously denied China Mobile permission to operate in the U.S. back in 2019 due to serious national security threats linked to the company's relationships with the Chinese government. Additionally, sanctions were placed on the company after the Pentagon raised similar concerns.

Commenting on the situation, Ivan Tsarynny, CEO of Feroot, noted, "It’s mindboggling that we are unknowingly allowing China to survey Americans and we’re doing nothing about it." He further remarked on the unusual nature of the findings, suggesting that something may have been intentionally concealed.

Stewart Baker, a legal consultant with experience in national security, highlighted that DeepSeek poses risks comparable to those of TikTok, with the added concern that the type of information involved could be of far greater significance to national security and personal privacy.

Users tend to input sensitive data into generative AI systems, including private business information and personal details. The risks are heightened when such platforms are owned by adversaries that might exploit this information for intelligence purposes.

Feroot's investigation pinpointed code that is activated when users log into DeepSeek. This code may gather detailed information about the user's device, a practice known as fingerprinting, commonly employed by tech firms to enhance security measures and target advertising.

In an independent validation by two cybersecurity professors, it was confirmed that the chatbot’s login system had connections to China Mobile, indicating their involvement in user registration with DeepSeek. Nevertheless, during testing, they were unable to see any data being transferred.

"It’s clear that China Mobile is somehow involved in registering for DeepSeek," stated Joel Reardon, one of the academic experts involved in the analysis, suggesting the likelihood of data transmission for some login methods.

China, Security, Technology