DeepSeek chatbot linked to China's telecom firm that is barred from operating in United States, claim researchers

The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say, as per a report.

The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek, AP reported.

Storage Servers in China

In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile.


The US has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. DeepSeek and China Mobile did not respond to emails seeking comment.


The growth of Chinese-controlled digital services has become a major topic of concern for US national security officials. Lawmakers in Congress last year on an overwhelmingly bipartisan basis voted to force the Chinese parent company of the popular video-sharing app TikTok to divest or face a nationwide ban though the app has since received a 75-day reprieve from President Donald Trump, who is hoping to work out a sale.


The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present.


Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.


The analysis only applies to the web version of DeepSeek. They did not analyse the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores.


The US Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.


Feroot, which specialises in identifying threats on the web, identified computer code that is downloaded and triggered when a user logs into DeepSeek. According to the company's analysis, the code appears to capture detailed information about the device a user logs in from - a process called fingerprinting. Such techniques are widely used by tech companies around the world for security, verification and ad targeting.


The company's analysis of the code determined that there were links in that code pointing to China Mobile authentication and identity management computer systems, meaning it could be part of the login process for some users accessing DeepSeek.


The AP asked two academic cybersecurity experts - Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley - to verify Feroot's findings. In their independent analysis of the DeepSeek code, they confirmed there were links between the chatbot's login system and China Mobile.


"It's clear that China Mobile is somehow involved in registering for DeepSeek," said Reardon. He didn't see data being transferred in his testing but concluded that it is likely being activated for some users or in some login methods.

FAQs

Q1. What are concerns over Chinese digital services?
A1. The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press.

Q2. What we know about DeepSeek's privacy policy?
A2. In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile.