DeepSeek Sends Data To Blacklisted China Mobile – Report

China-based AI start-up DeepSeek is in the middle of a privacy furore, after researchers uncovered “concerning code” within the platform.

Feroot Security, an Ontario-based cybersecurity firm focused on data protection, in an interview with ABC Good Morning America revealed it had uncovered ‘hidden code’ that enables direct data transmission from DeepSeek to China Mobile servers.

China Mobile is the world’s biggest mobile operator (by number of users), but was banned from operating in the US market by the FCC in 2019 due to concerns that “unauthorised access to customer…data could create irreparable damage to US national security.”

China Mobile link

In 2021 China Mobile was also kicked-off and delisted from the New York Stock Exchange.

Two smaller Chinese state-run telecom providers (China Telecom and China Unicom) were also removed from the NYSE.

“We see direct links to servers and companies in China that are under control of the Chinese government. This is something we’ve never seen before,” Ivan Tsarynny, Feroot’s cybersecurity expert explained during the ABC interview.

Users who register or log in to DeepSeek may unknowingly be creating accounts in China, making their identities, search queries, and online behaviour visible to Chinese state systems, ABC News reported.

Tsarynny reportedly said he used AI software to decrypt portions of DeepSeek’s code and found what appeared to be intentionally hidden programming that has the capability to send user data to one website: CMPassport.com, the online registry for China Mobile.

China Mobile is a state-owned telecommunications company directly controlled by the government of the People’s Republic of China (PRC).

Multiple cybersecurity experts verified Feroot’s analysis in the ABC report.

Surprise arrival

DeepSeek’s arrival last month had shocked the world, when it rose to the top of app store download charts in the US and other countries.

What had stunned the world was that DeepSeek’s chatbot matched the performance level of US rivals, but was developed for a fraction of the cost, sending world markets into a $1 trillion (£810bn) rout.

DeepSeek is based in Hangzhou, in eastern China, which is also the headquarters of tech giant Alibaba.

Earlier this week it was revealed that some European start-ups are already adopting low-cost DeepSeek AI models.

Countries where DeepSeek is banned

But DeepSeek has already been banned in a number of countries over national security concerns.

Earlier this week Italy’s data protection regulator opened a probe into DeepSeek, and ordered it to stop processing Italian users’ data and asked the Italian government to block the app in the country.

Meanwhile Australia’s Secretary of the Commonwealth Department of Home Affairs has determined that DeepSeek poses “an unacceptable risk to the Australian Government’s technology estate, and has issued a mandatory direction to prevent its access, use or installation on all Australian Government devices.”

Meanwhile the government of South Australia also announced a DeepSeek ban on government devices.

DeepSeek is also already banned by government agencies in Taiwan due to alleged security risks.

Also this week the US state of Texas banned DeepSeek from government-issued devices, along with other popular Chinese apps, such as Lemon8 and RedNote and stock-trading apps Moomoo, Tiger Brokers and Webull.

Countries considering DeepSeek ban

And a host of other countries are also considering the national security angle of DeepSeek.

The White House said last week that US officials were investigating the national security implications of DeepSeek.

Meanwhile some federal US agencies have already moved to block the app, including the US Navy which has told users not to use the Chinese model.

Meanwhile Republican Senator Josh Hawley has introduced a bill that would prohibit people in the US from using the app, or interacting with other artificial intelligence technologies built in China – or else face jail time and a fine of up to $1 million.

Besides the United States, data protection authorities in Belgium, France and Ireland are all investigating the way DeepSeek handles the personal information of its citizens, hinting that a ban may be possible in those countries in the weeks and months ahead.

South Korea and India have also signalled that action may be taken against DeepSeek due to potential privacy and security infringements.

And data protection authorities in the Netherlands said separately last Friday that they were launching an investigation into DeepSeek’s privacy practices, saying it had “serious concerns”.