Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

Summary

Researchers discovered DarkSword, a sophisticated iPhone hacking technique capable of instantly compromising hundreds of millions of iOS 18 devices through infected websites. The tool was found deployed by Russian state-sponsored hackers on Ukrainian websites and has proliferated to multiple hacking groups through broker firms.

Key Points

• DarkSword affects iOS 18 devices (about 25% of iPhones) through malicious websites, stealing passwords, messages, photos, and cryptocurrency wallet credentials
• The technique uses 'fileless' malware tactics, hijacking legitimate iOS processes to steal data within minutes in a 'smash-and-grab' approach without persistence
• Russian hackers carelessly left the complete, documented DarkSword code accessible online, making it easily reusable by other threat actors

Takeaways

• Organizations should immediately update all iOS devices to the latest version and enable Lockdown Mode for high-risk users to protect against these exploits
• The proliferation of sophisticated mobile exploits through broker networks indicates a shift from targeted attacks to mass deployment, requiring broader defensive strategies

Topics: mobile security, iOS vulnerability, exploit kit, state-sponsored hacking, malware, zero-day