If a mobile app pins the Root Authority Certificate of a server and verifies its hostname DNS-poisoning?



  • I have some questions about certificate pinning. Supposing that a mobile application has pinned only the root CA, it should be possible to an attacker to redirect in some way the victim to a malicious website with the same Root CA. Am I wrong? What happens, instead, if an app pins the Root CA but verifies the hostname of the server which the app is connecting to? If the attacker owns a website under the same Root CA, can he poison DNS-cache and let the app connect to his website or there are security mechanisms which prevent such behaviour? Thanks in advance!



  • ... it should be possible to an attacker to redirect in some way the victim to a malicious website with the same Root CA.

    This will only be possible if the client blindly believes any certificate signed by this CA. This level of trust should of course not be done if the root CA might also issue certificates to an attacker, as is the case with common public CA. That's why a TLS client is supposed to verify if the subject of the certificate matches the expectation too, i.e. if the specified target hostname or IP is covered by the certificate.

    ... pins the Root CA but verifies the hostname of the server which the app is connecting to

    That's what a properly written app will do.

    If the attacker owns a website under the same Root CA, can he poison DNS-cache and let the app connect to his website or there are security mechanisms which prevent such behaviour?

    The client should check the subject of the certificate with the intended hostname or IP. While DNS lookup of a domain might result an alias (CNAME) this will not change the intended hostname, but is only an internal step in getting the IP address. This means DNS poisoning against the client cannot be used to change the intended domain and therefore the attacker needs to have a certificate for the intended domain - which the CA should not issue since the attacker cannot proof to own it.

    But, DNS poisoning against the CA might be use to fake the proof of ownership in domain validated certificates. In this case the attacker could get a valid certificate for the target domain which then can be used against the client, for example in a DNS poisoning attack against the client.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2