28Nis
If a mobile app pins the Root Authority Certificate of a server and verifies its hostname, is it possible an attack via DNS-poisoning?
I have some questions about certificate pinning.
Supposing that a mobile application has pinned only the root CA, it should be possible to an attacker to redirect in some way the victim to a malicious website with the same Root CA. Am I wr…