4

I have seen multiple mobile applications that are pinning Global Root CA's instead of intermediate/leaf certificates. Doesn't this expose to the same risk as not having certificate pinning at all?

Considering the classic coffee shop attack scenario where the owner of the network has a certificate issued for his domain (*.evilcoffee.com signed by DigiCert)

Now if the mobile application is trusting any certificate issued by Digicert then you can effectively MiTM? Am I missing something?

bi0s.kidd0
  • 203
  • 2
  • 7
  • Are you saying that the application makes a server request, downloads the certificate, then inspects the chain, and then inspects the chain for a matching hash? What library is doing the validation, or is it manual? – makerofthings7 Nov 16 '19 at 13:44
  • On iOS its using AFNetworking and Android its okHTTP3. @goodguys_activate Here is some relevant research I have done on this topic: https://github.com/AFNetworking/AFNetworking/issues/2744 The application makes a connection to the domain `api..com` The certificate on that domain has the Global Root CA > Intermediate CA > Leaf (which has *.companyname.com as its SAN) Instead of pinning the leaf/intermediate they are pinning global root CA – bi0s.kidd0 Nov 16 '19 at 14:28

2 Answers2

1

Pinning a Root CA can prevent risks posed by other trusted Root CAs in the default certificate store. As mentioned in the link you shared (thank you), it's a deployment decision as to how high (or low) in the chain you would pin the certificate.

Check out this Security.SE post for more information for the underlying threat and some mitigations.

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
1

Now if the mobile application is trusting any certificate issued by Digicert then you can effectively MiTM? Am I missing something?

Pinning against a CA does not mean that every certificate from this CA will be trusted for a site but that only certificates issued by this CA will be considered to be trustable in the first place.

CA pinning does not disable any other checks usually done, i.e. checking for the subject (CN/SAN) matching the hostname, certificate not being expired, purpose ... . Thus CA pinning does not allow any certificates which were not allowed without CA pinning. It prevents though trusting other CA to be trusted to issue a certificate for the specific domain.

Pinning against a specific root CA for a domain is like removing any other root CA from the trust store when validating a certificate for this domain.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424