German cybersecurity firm Secorvo Security Consulting has discovered a major security flaw in the software bundled with Sennheiser headphones.
The vulnerability affects only Sennheiser’s HeadSetup and HeadSetup Pro software, and stems from the root certificates that the software installs.
The software installed root certificates and encrypted private keys into the Trusted Root CA Certificate store, which could make the user’s system vulnerable to man-in-the-middle attacks.
This means that attackers could potentially use this vulnerability to intercept and alter communications between two parties over a secure channel.
Microsoft has implemented measures to invalidate the vulnerable certificates, and Sennheiser has released an updated version of its software suite which removes the vulnerability.
Users who update both their Sennheiser software and their Windows 10 installation should not be vulnerable to any exploits aimed at these certificates.
Users can download the latest Sennheiser software suite from the company’s official website.