Unfortunately for Sennheiser, it seems that their attempt at offering more feature-rich headphones resulted in a security vulnerability. This was discovered by security firm Secorvo (via Digital Trends) who noticed the flaw in the company’s desktop software. According to the discovery, it seems that Sennheiser (or whoever designed the software) used the same decryption key for every installation of the software.
This means that in theory, a hacker who can decrypt this key could issue forged certificates to impersonate any HTTPS websites, thus allowing them to potentially conduct man-in-the-middle attacks. Sennheiser is aware of the issue and stated that they are working on a fix. “Sennheiser was informed about this vulnerability in advance, is aware of the vulnerability impact, and started working on an updated version of HeadSetup to resolve the issue.”
In the meantime until the fix can be released, the company has offered up a temporary workaround by removing the certificate which you can find on Sennheiser’s support page.
Filed in Hack, Headphones, Security and Sennheiser.
. Read more about