The software for Sennheiser's high-end headphones have a bizarre and potentially dangerous bug that makes users vulnerable to hackers
- Sennheiser's HeadSetup headphone software for PC and Macs contains a vulnerability that could allow hackers to show users up fake websites that look perfectly legitimate.
- Sennheiser has issued an update which every HeadSetup user, past or present, should download and install now.
- Sennheiser also offers alternative steps to remove the vulnerability for PC and Mac, linked below.
- Sennheiser headphones are high-end, costing in the hundreds of dollars.
If you currently use -or have ever used - Sennheiser's HeadSetup software, which is designed to complement some of the company's headphones on a PC or Mac, you may be vulnerable to hackers, according to a report from the Secorvo Security Consulting firm. The report was first spotted by Ars Technica.
Essentially, the vulnerability in the HeadSetup software allows hackers to show a "spoofed" website, such that a fake site can look real, including the "https:" at the beginning of the website's URL address, as well as the lock icon. Normally, the lack of those things is a good marker that a site is a fraud; the flaw could help fool even savvy users.Any information you typed into a spoofed website could be obtained by the hackers who put it up, including login information, passwords, credit card information, personal information, and anything else you'd type into a legitimate website for whatever reason.
Sennheiser has issued an update containing a fix for the vulnerability on its website. Anyone who's ever used the software should download the update and install it.
Even those who have uninstalled the software for whatever reason should download the update and install it, as the vulnerability lingers even after uninstalling the version of the software that contained the vulnerability.