Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild


iPhone hacking techniques have sometimes been described almost as rare and elusive animals: hackers have used them so stealthily and carefully, against such a small number of hand-picked targets, that they are rarely seen in the wild. Now, a recent wave of espionage and cybercrime campaigns has instead deployed these same phone hacking tools, embedded in infected websites, to indiscriminately hack thousands of phones. And one new technique in particular, capable of compromising any of hundreds of millions of iOS devices, has appeared on the web in an easily reusable form, putting a significant fraction of the world’s iPhone users at risk.

Researchers from Google and cybersecurity firms iVerify and Lookout on Wednesday revealed the discovery of a sophisticated iPhone hacking technique known as DarkSword. They have seen it used on infected websites, where it can instantly and silently hack iOS devices that visit those sites. Although the technique does not affect the latest updated versions of iOS, it works on iOS devices running versions of iOS 18, the previous release of Apple’s operating system, which as of last month still accounted for nearly a quarter of iPhones, according to Apple’s own counts.

“A large number of iOS users could have all their personal data stolen just by visiting a popular website,” says Rocky Cole, co-founder and CEO of iVerify. “Hundreds of millions of people who still use older Apple devices or older operating system versions remain vulnerable.”

The iPhone hacking campaign using DarkSword was disclosed just two weeks after the revelation of another, even more sophisticated and comprehensive hacking tool, known as Coruna, used by what Google describes as a Russian state-sponsored spy group and by other hacking groups. Although DarkSword appears to have been created by different developers than Coruna, researchers discovered that it was used by these same Russian spies. Like Coruna, it was also integrated into components of otherwise legitimate Ukrainian websites, including online media and a government agency site, to collect data from visitors’ phones.

But what is equally worrying, according to Matthias Frielingsdorf, co-founder and researcher at iVerify, is that the hackers who carried out this espionage campaign left the DarkSword code complete and unobfuscated on these sites, where anyone can access and reuse it. The code includes explanatory comments in English describing each component, as well as the tool’s name, “DarkSword.” This negligence, he says, practically invites other hacker groups to adopt it and target other iPhone users. “Anyone who manually collected all the different parts of the exploit could put them on their own web server and start infecting phones. It’s that simple,” says Frielingsdorf. “Plus, everything is well documented. It’s really too easy.”

WIRED reached out to Apple for comment on the researchers’ findings, but the company provided no comment. Google declined to comment beyond the blog post published on its findings on DarkSword.

According to Lookout, DarkSword is designed to steal data from vulnerable iPhones, including passwords and photos; iMessage, WhatsApp and Telegram logs; browser history; Calendar and Notes data; and even data from Apple’s Health app. Although the hacking campaign appears focused on espionage, DarkSword also steals users’ cryptocurrency wallet credentials, suggesting that the hackers may have run a side business in for-profit cybercrime.

Rather than installing spyware that persists on users’ phones, DarkSword uses stealthier techniques more often found in “fileless” malware that typically targets Windows devices, hijacking the legitimate processes of an iPhone’s operating system to steal data. “Instead of using a spyware payload to hack your way through the file system, leaving tons of exploit artifacts that are pretty easy to detect, this simply uses system processes the way they’re supposed to be used,” says iVerify’s Cole. “And it leaves a lot fewer traces.”
