Learn 3 easy steps to Protect iOS Apps against PlankFilza, a tool that is used to gain administrative control over iOS and control the iOS File System.
PlankFilza is a modified version of the Filza file manager (found on Cydia). PlankFilza works by taking advantage of an exploit in iOS, in order to get limited read/write permissions to the iOS file system non-jailbroken iOS devices. Once installed it you can read files from any directory and write to the/var and/tmp locations.
Brandon Plank’s PlankFilza is an upgraded version of the Filza file explorer utility for iOS 14. PlankFilza leverages the cicuta_virosa exploit. PlankFilza is used as a rootless jailbreak tool on Jailbreak iOS 14 to 14.3. Brandon Plank tweeted earlier this year saying his new PlankFilza would be available for iOS 14 and 14.3 very soon. According to IDB, a Blog covering Apple news and technology, PlankFilza is a form of rootlessJB for advanced developers that “doesn’t come with a package manager like Cydia or Sileo out of the box, but instead incorporates SSH capabilities, which offers a means of remotely accessing the device’s filesystem over a secure network connection for the purposes of modification. This is effectively how a user would tweak such a device, as opposed to installing a tweak from a package manager on a more typical type of jailbreak.”
Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jailbreaking is one of the primary methods/tools for every hacker – both black hat hackers and white hat hackers (eg: penetration testers or security researchers).
Hackers and security researchers Jailbreak iOS to access and/or modify iOS app file systems, test exploits, install a wider variety of malicious programs, and more. Whatever the intent, Jailbreaking makes every hacker’s job much easier by providing a significant advantage to compromise the security model, due to the elevated level of privilege and full administrative control that Jailbreaking enables. While PlankFilza doesn’t provide the wide range of exploits that full-fledged jailbreak techniques provide, it is still a very dangerous and potent antagonist for security professionals. Appdome recommends protecting applications against PlankFilza as soon as possible.
Keep reading to learn how to use Appdome to protect any iOS app against PlankFilza and other tools that are used to compromise iOS.
Please follow these 3 easy steps to prevent hackers from using tools like PlankFilza to weaken the app’s security model and control the iOS file system.
Congratulations! The app can now defend itself against PlankFilza.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with RASP (Runtime Application Self-Protection). When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Here’s what you need to build secured apps with
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Check out the following related KB articles:
Check out the full menu of features in the Appdome Mobile Security Suite
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.