Hacking toolkit puts millions of iPhones at risk

Early last week, researchers at Google and two cybersecurity companies iVerify and Lookout discovered the DarkSword cyber attack toolkit. Initially, hacking targets were mainly detected in Ukraine.

However, TechCrunch noted that a more advanced version of DarkSword was released on the source code sharing site GitHub earlier this week, anyone can download and use it. “It’s really bad. They’re very easy to exploit for unintended purposes,” said Matthias Frielingsdorf, co-founder of iVerify. “Complete prevention is now almost impossible. Therefore, it is necessary to consider the possibility that criminals and bad guys will start using them soon.”

Theo ReutersDarkSword is considered one of the most advanced hacking toolkits targeting iPhone users, especially devices running iOS 18 and earlier. DarkSword’s revamp has the same infrastructure as previously analyzed samples, Frielingsdorf said, but is simplified, consisting of just HTML and java scripts, meaning anyone can copy and paste them and store them on the server “within minutes to hours.”

“Once enabled, exploiting the security vulnerabilities becomes active immediately,” he said. “Attackers do not need iOS expertise.”

Google spokeswoman Kimberly Samra said the company’s researchers agreed with Frielingsdorf’s assessment after analyzing DarkSword.

Meanwhile, account X @matteyeuxclaiming to be a security researcher, commented that using DarkSword was “really easy”. This person said he successfully hacked an iPad mini tablet running iOS 18 with a few simple steps.

Apple spokeswoman Sarah O’Rourke also admitted that DarkSword can attack iOS and iPadOS devices running old and outdated versions. The company has acknowledged the problem and released an emergency patch from March 11 for devices that cannot run the latest iOS. “Regular software updates are the most important thing to keep Apple devices safe,” O’Rourke recommends.

Apple statistics at the end of last year showed that about a quarter of iPhone and iPad users still use iOS 18, iPadOS 18 or older. According to Wired, More than 2.5 billion active iPhones and iPads mean hundreds of millions of people are at risk of being attacked by DarkSword.

DarkSword appeared a few weeks after Google security experts discovered another advanced iPhone hacking toolkit, Coruna, in early March. Coruna uses 5 complete attack chains, taking advantage of a total of 23 security vulnerabilities, capable of attacking many iPhone models running the iOS operating system from versions 13 to 17.2.1. This tool does not rely on just a single vulnerability, instead combining multiple weaknesses in iOS to form a coordinated attack process.