Latest in Gear

Image credit: Sennheiser

Sennheiser's headphone software could allow attackers to intercept data

The company has issued a fix for the flawed apps.
298 Shares
Share
Tweet
Share
Save

Sponsored Links

Sennheiser

Sennheiser's HeadSetup and HeadSetup Pro software poses a cybersecurity risk, according to a vulnerability disclosure from Germany's Secorvo Security Consulting. The headphone-maker is now urging users to update to new versions of the software after researchers revealed it was installing a root certificate, along with an encrypted private key, into the Trusted Root CA Certificate store, which could enable man-in-the-middle (MITM) attacks.

Sennheiser says its update rids HeadSetup of vulnerable certificates. You can download it from the company's support site. To be clear, the problem doesn't lie with the company's hardware -- which ranges from wireless headphones to office headsets.

In the wake of Secorvo's report, Microsoft also warned users that digital certificates were disclosed in Sennheiser's apps, which could allow bad actors to remotely spoof websites or content. The flaw is being compared to the Lenovo Superfish bug from 2015: a preloaded adware on Lenovo's laptops that installed a man-in-the-middle certificate, allowing hackers to spy on secure websites users were visiting.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
298 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
YouTube is removing its direct messaging feature in September

YouTube is removing its direct messaging feature in September

View
Walmart sues Tesla after solar panels catch fire at stores

Walmart sues Tesla after solar panels catch fire at stores

View
Nikon updates its SnapBridge app for faster image transfers

Nikon updates its SnapBridge app for faster image transfers

View
A fourth 'Matrix' movie is happening

A fourth 'Matrix' movie is happening

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr