Your Headphones Might Break The Security of Your Computer


Sennheiser has now been identified as having a major security vulnerability in its HeadSetup app. It involves a self-signed TLS certificate which Sennheiser placed in the Trusted Root CA Certificate store (or in the macOS Trust Store). Because it sits in the trusted root store, this certificate can be used to validate other certificates, and the private key on the certificate could be easily extracted.

Once the private key is derived, it is then possible to sign for maliciously installed applications, as we have a trusted root certificate. The password on the certificate was SennheiserCC, and it was found by reverse engineering the HeadSetup application and finding the configuration file.
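A defender's check for the situation described above, as an added example that is not part of the original article or of any vendor's code: given a private key file found in an application's install directory, it reports every certificate in a PEM export of the trusted root store that the key belongs to. The file names, the `KEY_PASS` variable and the demo subjects are constructed assumptions, and the `openssl` command line tool is required.

```bash
#!/usr/bin/env bash
# Added example: find trusted root certificates whose private key sits on disk.
# File names, subjects and the KEY_PASS variable are constructed assumptions.

# Print subject and SHA-256 fingerprint of every certificate in a PEM bundle
# whose public key matches the given private key file.
# The key passphrase is read from $KEY_PASS so it never appears in argv.
# Returns 0 on a match, 1 on no match, 2 if the key cannot be read.
roots_matching_key() {
  local bundle=$1 keyfile=$2 keypub tmp cert found=1
  keypub=$(KEY_PASS="${KEY_PASS-}" openssl pkey -in "$keyfile" \
             -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { if (f) close(f); n++; f = d "/cert" n ".pem" }
    f { print > f }' "$bundle"
  for cert in "$tmp"/cert*.pem; do
    [ -e "$cert" ] || continue
    # Same key pair if the certificate's public key equals the key's public half.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" = "$keypub" ]; then
      openssl x509 -in "$cert" -noout -subject -fingerprint -sha256
      found=0
    fi
  done
  rm -rf "$tmp"
  return "$found"
}

# Build constructed sample input in directory $1: a self-signed root whose
# passphrase-protected key ships beside it, plus an unrelated root, both
# concatenated into roots.pem as a stand-in for an exported trust store.
make_demo_store() {
  local d=$1
  KEY_PASS="${KEY_PASS-}" openssl req -x509 -newkey rsa:2048 -days 1 \
    -subj "/CN=Constructed Demo Root" -passout env:KEY_PASS \
    -keyout "$d/app.key" -out "$d/app-root.pem" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Unrelated Root" \
    -keyout "$d/other.key" -out "$d/other-root.pem" 2>/dev/null || return 1
  cat "$d/other-root.pem" "$d/app-root.pem" > "$d/roots.pem"
}
```

Any match is a root to remove from the trust store, since whoever can read the key file and its passphrase can issue certificates that the machine will accept.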

To prove the vulnerability, Secorvo spoofed a Google certificate, along with certificates for other audio companies [CVE-2018-17612].

The spoof certificate was:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
