Latest in Gear

Image credit: Sennheiser

Sennheiser's headphone software could allow attackers to intercept data

The company has issued a fix for the flawed apps.
298 Shares
Share
Tweet
Share

Sponsored Links

Sennheiser

Sennheiser's HeadSetup and HeadSetup Pro software poses a cybersecurity risk, according to a vulnerability disclosure from Germany's Secorvo Security Consulting. The headphone-maker is now urging users to update to new versions of the software after researchers revealed it was installing a root certificate, along with an encrypted private key, into the Trusted Root CA Certificate store, which could enable man-in-the-middle (MITM) attacks.

Sennheiser says its update rids HeadSetup of vulnerable certificates. You can download it from the company's support site. To be clear, the problem doesn't lie with the company's hardware -- which ranges from wireless headphones to office headsets.

In the wake of Secorvo's report, Microsoft also warned users that digital certificates were disclosed in Sennheiser's apps, which could allow bad actors to remotely spoof websites or content. The flaw is being compared to the Lenovo Superfish bug from 2015: a preloaded adware on Lenovo's laptops that installed a man-in-the-middle certificate, allowing hackers to spy on secure websites users were visiting.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
298 Shares
Share
Tweet
Share

Popular on Engadget

Qantas completes record 19-hour flight to test limits of air travel

Qantas completes record 19-hour flight to test limits of air travel

View
The best trackballs

The best trackballs

View
After Math: Stand and Delivery

After Math: Stand and Delivery

View
Honda's Accord Hybrid is a value-packed sedan

Honda's Accord Hybrid is a value-packed sedan

View
NASA's InSight lander can finally dig a hole for its Mars heat probe

NASA's InSight lander can finally dig a hole for its Mars heat probe

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr