Sennheiser headset skype for business mac
Although the self-signed certificates were blatant forgeries, they will be accepted as authentic on computers that store the poorly secured certificate root. Even worse, a forgery defense known as certificate pinning would do nothing to detect the hack. Although the app encrypted the key with a passphrase, the passphrase itself (SennheiserCC) was stored in plaintext in a configuration file. Because the key was identical for all installations of the software, hackers could use the root certificate to generate forged TLS certificates that impersonated any HTTPS website on the Internet. The critical HeadSetup vulnerability stems from a self-signed root certificate installed by version 7.3 of the app that kept the private cryptographic key in a format that could be easily extracted. On Macs, it’s known as the macOS Trust Store. In Windows, this location is called the Trusted Root CA certificate store. It does this by installing a self-signed TLS certificate in the central place an operating system reserves for storing browser-trusted certificate authority roots.
To allow Sennheiser headphones and speaker phones to work seamlessly with computers, HeadSetup establishes an encrypted WebSocket with a browser. In what has been described as a ‘monumental security blunder,’ the app allows a bad actor to successfully impersonate any secure website on the Internet …
If you’ve ever used a Sennheiser headset or speakerphone device with your Mac (or Windows PC), the accompanying HeadSetup app has left your machine wide open to attack.