Message: Return type of CI_Session_null_driver::open($save_path, $name) should either be compatible with SessionHandlerInterface::open(string $path, string $name): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Message: Return type of CI_Session_null_driver::close() should either be compatible with SessionHandlerInterface::close(): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Message: Return type of CI_Session_null_driver::read($session_id) should either be compatible with SessionHandlerInterface::read(string $id): string|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Message: Return type of CI_Session_null_driver::write($session_id, $session_data) should either be compatible with SessionHandlerInterface::write(string $id, string $data): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Message: Return type of CI_Session_null_driver::destroy($session_id) should either be compatible with SessionHandlerInterface::destroy(string $id): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
Message: Return type of CI_Session_null_driver::gc($maxlifetime) should either be compatible with SessionHandlerInterface::gc(int $max_lifetime): int|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice
NRIPage | Articles | DeepSeek Faces Criticism Over Security Flaws and User Privacy Concerns | Get General Articles. Stay Informed on a World of Topics - NRI Page
DeepSeek, a popular app, is once again under scrutiny following the discovery of multiple security vulnerabilities that could compromise user privacy. A recent report from mobile security firm NowSecure reveals several flaws in DeepSeek's iOS app, DeepSeek R1, which raise serious concerns about how the company is handling sensitive user data.One of the primary issues identified is the app’s failure to use Apple’s built-in App Transport Security (ATS), which is designed to ensure secure data transmission over encrypted channels. DeepSeek has completely disabled ATS, meaning the app is sending unencrypted data over the internet, which could easily be intercepted by malicious actors.
Additionally, even when encryption is applied, DeepSeek uses the outdated and insecure Triple DES (3DES) encryption algorithm. This algorithm is widely regarded as broken and ineffective in protecting sensitive data, leaving user information vulnerable.A particularly alarming issue highlighted in the report is the exposure of a database containing sensitive user information, including chat logs and secret keys. The database was left unprotected, meaning anyone could access the data without requiring authentication. This flaw has raised questions about the company’s commitment to securing its users' personal information.
Experts warn that even seemingly harmless data, when aggregated over time, can lead to the identification of individuals. This is particularly concerning given that the data collected by DeepSeek can be cross-referenced with information from other apps, potentially leading to the de-anonymization of users. A recent case involving a data breach at Gravy Analytics demonstrated how this kind of data aggregation can lead to significant privacy risks.NowSecure is urging businesses, government agencies, and individuals to reconsider using DeepSeek until the company addresses these critical security vulnerabilities. The report calls for immediate action to fix the flaws, including re-enabling App Transport Security and switching to a more secure encryption method to protect user data.
