Sennheiser software may expose users to virtual attacks

The software for Sennheiser’s high-end headphones has been discovered to have a major security flaw which could potentially allow hackers access to a users’ personal details.

During a random check, security consulting firm Secorvo has found that Sennheiser’s HeadSetup and HeadSetup Pro softwares installed a root certificate into the Trusted Root CA Certificate store along with a non-unique private key.

This private key isn’t unique to each user, which is where the problem lies. It means that if someone is able to decrypt the key, they could then gain access to any of the affected users’ systems via faking a website and asking the user to enter their personal details.

To make matters worse, uninstalling the software itself doesn’t remove this trusted root certificate. So anyone who has ever installed the software is at risk.

Sennheiser has released an update that patches the issue and is imploring users both past and present to install it, even if they have since uninstalled an earlier version of HeadSetup. 

So if you think you may have ever used this software on your PC or Mac, we highly recommend you install this update.



Comments