Security Concerns Rise as DeepSeek’s Chatbot Infrastructure Links to China Mobile
Researchers at Feroot Security have identified computer code within the web-based version of DeepSeek’s AI chatbot that could potentially send user login information to China Mobile, a Chinese state-owned telecommunications company. This discovery raises significant privacy and national security concerns, particularly as China Mobile has been barred from operating in the United States due to its alleged ties with the Chinese government and military.
DeepSeek’s Hidden Connection to China Mobile
Feroot Security’s investigation uncovered heavily obfuscated code embedded within DeepSeek’s login page. When deciphered, the code revealed links to China Mobile’s infrastructure. This suggests that some aspect of DeepSeek’s account creation and authentication process may involve the Chinese telecom giant.
DeepSeek has previously acknowledged that its data is stored on servers within the People’s Republic of China. However, the direct link to China Mobile, as uncovered by Feroot, adds another layer of concern about the extent of state involvement in the chatbot’s operations.
National Security Risks and Implications
The U.S. government has long maintained that China Mobile poses a national security risk. The Federal Communications Commission (FCC) denied the company the authority to operate in the United States in 2019, citing substantial concerns over its connections to the Chinese state. Furthermore, in 2021, the Biden administration issued investment restrictions against China Mobile due to its suspected ties to the Chinese military.
Experts warn that the implications of this finding go beyond those associated with apps like TikTok. While TikTok’s national security concerns center on user behavior analytics, DeepSeek’s AI chatbot processes highly sensitive and proprietary information from its users. The potential for data interception or surveillance is significantly heightened in this case, as individuals frequently use AI chatbots for confidential business queries, research, and personal information processing.
Unanswered Questions About Data Transfers
Feroot Security’s research did not detect data being actively transferred to China Mobile during login attempts conducted in North America. However, cybersecurity experts warn that such transfers could be occurring selectively for specific users or under certain login conditions. The presence of fingerprinting scripts in DeepSeek’s login process suggests that user device information is being collected, a technique often employed for tracking and authentication purposes.
Feroot’s findings were independently verified by cybersecurity researchers Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley. Their analysis confirmed the presence of China Mobile-linked authentication code in DeepSeek’s login system.
What’s Next?
The rise of Chinese-controlled AI services has placed an urgent focus on the security risks posed by foreign technology companies. With DeepSeek’s chatbot becoming one of the most downloaded apps in the U.S., the revelations about its ties to China Mobile demand immediate scrutiny from policymakers and industry leaders.
Ivan Tsarynny, CEO of Feroot Security, emphasized the gravity of the situation, stating, “The implications of this are significantly larger because personal and proprietary information could be exposed. It’s not just entertainment videos being shared—it’s highly sensitive business and personal data.”
As concerns over digital sovereignty and cybersecurity mount, it remains to be seen how regulators will respond to the growing influence of foreign AI platforms in the U.S. and globally. Feroot Security continues its mission to uncover and mitigate online security threats, ensuring that users can engage with digital platforms safely and securely.
