Sennheiser Headphones Vulnerability Could Allow HTTPS Site Spoofing

Sennheiser has recently patched a serious vulnerability in its headphone software. As discovered by the researchers, the vulnerability could allow an attacker to meddle with HTTPS requests, exposing users to malicious sites. This Sennheiser headphones vulnerability did not affect the hardware, rather the HeadSetup software.

Sennheiser Headphones Vulnerability

Researchers from Secorvo have found a critical flaw in Sennheiser headphones software that made Windows and Mac users vulnerable to cyber attacks. The Sennheiser headphones vulnerability could trigger MITM attacks, allowing hackers to spoof encrypted websites.

As reported in Secorvo’s detailed vulnerability report, the flaw existed in the Sennheiser HeadSetup and HeadSetup Pro software for their headphones. As explained by the researchers, the Sennheiser headphones, which work by establishing connections via softphones to HTTPS encrypted server websites, could allow an attacker spoof a genuine encrypted website by exploiting the TLS certificates and the associated private keys that remain the same for every installation. According to the researchers,

“We found that – caused by a critical implementation flaw – the secret signing key of one of the clandestine planted root certificates can be easily obtained by an attacker. This allows him or her to sign and issue technically trustworthy certificates. Users affected by this implementation bug can become victim of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed software or acting as an authority authorised by Sennheiser.”

Such a forgery opened up a plethora of attack options to attackers. These include tracking and modifying victim’s session with a fake HTTPS web server, phishing, and malware attacks. What’s more problematic in this attack scenario is that the fake certificates persisted even after removing the Sennheiser software.

Patched Updates Released

The researchers from Secorvo found this Certificate Management Vulnerability in Sennheiser HeadSetup (CVE-2018-17612) in July 2018. After the discovery, they got in touch with the vendors to ensure a fix was applied. While Sennheiser promised to release a patch by November, the researchers disclosed the bug in order to secure the vulnerable customers by advising workarounds to them.

Microsoft also released its advisory whilst acknowledging the bug, and updating its Certificate Trust List for Windows.

Anyhow, the vendors have now released patched updates for both HeadSetup and HeadSetup Pro. The patched releases include HeadSetup: version 8.1.6114 (for Windows) and version 5.3.7011 (for Mac). As explained by Sennheiser in their advisory,

“After running the script with administrative privileges, the risk of Sennheiser certificates being subject for misuse will be eliminated. The file also includes a description on how users can manually verify that certificates are removed.”

Users should, hence, make sure to update their PCs to protect themselves from this Sennheiser headphones vulnerability.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients