How to Protect iOS Apps From PlankFilza File System Tool

 

Learn 3 easy steps to Protect iOS Apps against PlankFilza, a tool that is used to gain administrative control over iOS and control the iOS File System.

What is PlankFilza?

PlankFilza is a modified version of the Filza file manager (found on Cydia). PlankFilza works by taking advantage of an exploit in iOS, in order to get limited read/write permissions to the iOS file system non-jailbroken iOS devices. Once installed it you can read files from any directory and write to the/var and/tmp locations.

Brandon Plank’s PlankFilza is an upgraded version of the Filza file explorer utility for iOS 14. PlankFilza leverages the cicuta_virosa exploit. PlankFilza is used as a rootless jailbreak tool on Jailbreak iOS 14 to 14.3. Brandon Plank tweeted earlier this year saying his new PlankFilza would be available for iOS 14 and 14.3 very soon. According to IDB, a Blog covering Apple news and technology, PlankFilza is a form of rootlessJB for advanced developers that “doesn’t come with a package manager like Cydia or Sileo out of the box, but instead incorporates SSH capabilities, which offers a means of remotely accessing the device’s filesystem over a secure network connection for the purposes of modification. This is effectively how a user would tweak such a device, as opposed to installing a tweak from a package manager on a more typical type of jailbreak.”

What is iOS Jailbreaking?

Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jailbreaking is one of the primary methods/tools for every hacker – both black hat hackers and white hat hackers (eg: penetration testers or security researchers).

Why Should Developers Protect iOS Apps against PlankFilza?

Hackers and security researchers Jailbreak iOS to access and/or modify iOS app file systems, test exploits, install a wider variety of malicious programs, and more. Whatever the intent, Jailbreaking makes every hacker’s job much easier by providing a significant advantage to compromise the security model, due to the elevated level of privilege and full administrative control that Jailbreaking enables. While PlankFilza doesn’t provide the wide range of exploits that full-fledged jailbreak techniques provide, it is still a very dangerous and potent antagonist for security professionals. Appdome recommends protecting applications against PlankFilza as soon as possible.

plankfilza ios jailbreak

Keep reading to learn how to use Appdome to protect any iOS app against PlankFilza and other tools that are used to compromise iOS.

3 Easy Steps to Protect iOS apps against PlankFilza 

Please follow these 3 easy steps to prevent hackers from using tools like PlankFilza to weaken the app’s security model and control the iOS file system. 

  1. Upload an iOS App to Appdome’s no code security platform (.ipa)
  2. In the Build Tab, under Security, Select Jailbreak Prevention (shown below)
  3. Click Build My App

No code jailbreak prevention ios apps

Congratulations! The app can now defend itself against PlankFilza.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with RASP (Runtime Application Self-Protection). When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites

Here’s what you need to build secured apps with

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with Jailbreak prevention and prevent PlankFilza. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

 How to Learn More

Check out the following related KB articles:

Jailbreaking Prevention

Rooting Android 

Prevent Jailbreak Bypass and Jailbreak Hiding 

Check out the full menu of features in the Appdome Mobile Security Suite

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

 

 

 

Alan Bavosa

Have a question?

Ask an expert

ThomasMaking your security project a success!

Get Your Copy
2021 Global Mobile
Consumer Security
Survey