Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Sennheiser headphone bug highlights certificate vulnerability
NextPrevious
sennheiser headphones vulnerability

Sennheiser headphone bug highlights certificate vulnerability

News, Vulnerabilities | 12 December, 2018 | 0

A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store.

During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted root CA certificate store. A copy of the certificates’ private key was also copied into application’s installation directory.  Security research firm Secorvo recently disclosed that although the private key was encrypted, it was encrypted with the easily-guessable passphrase of the vendor’s name which makes it trivial for an attacker to decrypt the key and use it to further their attack.

As a result of this vulnerability (CVE-2018-17612), the researchers were able to create and install trusted wildcard certificates for various websites, including Google. Any malicious user who was aware of the flaw would be able to do the same, creating trusted certificates for any web domain which would be treated as valid on any other Windows computer which has ever had the Sennheiser software installed on it – compromising the HTTPS/TLS security.

Reminiscent of the Superfish software which contained a similar flaw and came pre-installed on Lenovo laptops in 2014, this story illustrates the risks posed by unexpected and unauthorised changes to the trusted certificate store.

Microsoft has issued a security advisory regarding these types of certificate-based vulnerabilities and has also updated the security trust list within the WIndows operating system to remove user-mode trust for these certificates.

How to check your certificate store for potentially rogue certificates

This story raises the question of how to check the certificate store for other unexpected certificates which could compromise the security of the certifiates used by the computer. The Sysinternals Sigcheck tool by Microsoft’s Mark Russinovich is a useful utility in this situation. It can be used to check all the installed certificates on the local system and will identify any which are not trusted according to the Microsoft trusted root certificate list.

Sigcheck can be obtained from the Sysinternal website at the following URL:

https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck

Executing Sigcheck with the -tv operator will have Sigcheck download the trusted Microsoft root certificate list and only output valid certificates not rooted to a certificate on that list i.e. suspicious certificates.

A healthy report will produce the result: No certificates found.

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.

microsoft, Sysinternals, web browsers

Related Post

  • Internet Explorer zero-day RCE attack

    By Mark Faithfull

    Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10. TheRead more

  • microsoft office phishing

    Microsoft Office files increasing used as attack vector

    By Mark Faithfull

    In 2017 MS Office files accounted for just 5% of malicious email attachments – this jumped to 48% by the end of 2018 A recent report by Symantec reveals that Microsoft Office files are increasingRead more

  • microsoft patch tuesday december

    Death by PowerPoint and other vulnerabilities

    By Mark Faithfull

    Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-craftedRead more

  • Microsoft advises SIEM to help defend RDP

    By Mark Faithfull

    In a recent whitepaper, Microsoft provides advice on how to spot RDP attacks in Windows event logs while the attack is still underway. The paper titled:  “Data science for cybersecurity: A probabilistic time series modelRead more

  • Final Windows 7 Patches and critical security bug fixed

    By Mark Faithfull

    The last ever Windows 7 Patch Tuesday update also includes a fix to a long standing bug in the Windows cryptographic library (CryptoAPI) which could allow attackers to spoof digital certificates and conduct man-in-the-middle attacks.Read more

NextPrevious

Recent Posts

  • SUDO bug allows privilege escalation
  • Hue smart bulb RCE vulnerability patched
  • Cisco patches critical switch flaws
  • Ragnarok ransomware exploits Citrix vulnerability
  • Infrastructure Patching Problems

Tags

blockchain Bluetooth Chrome Cisco credential stuffing CREST cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft OAuth patching PDF penetration testing phishing ransomware RDP Row Hammer security breach security testing SIEM Spectre supply chain attacks Sysinternals TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more