Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Sennheiser headphone bug highlights certificate vulnerability
NextPrevious
sennheiser headphones vulnerability

Sennheiser headphone bug highlights certificate vulnerability

News, Vulnerabilities | 12 December, 2018 | 0

A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store.

During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted root CA certificate store. A copy of the certificates’ private key was also copied into application’s installation directory.  Security research firm Secorvo recently disclosed that although the private key was encrypted, it was encrypted with the easily-guessable passphrase of the vendor’s name which makes it trivial for an attacker to decrypt the key and use it to further their attack.

As a result of this vulnerability (CVE-2018-17612), the researchers were able to create and install trusted wildcard certificates for various websites, including Google. Any malicious user who was aware of the flaw would be able to do the same, creating trusted certificates for any web domain which would be treated as valid on any other Windows computer which has ever had the Sennheiser software installed on it – compromising the HTTPS/TLS security.

Reminiscent of the Superfish software which contained a similar flaw and came pre-installed on Lenovo laptops in 2014, this story illustrates the risks posed by unexpected and unauthorised changes to the trusted certificate store.

Microsoft has issued a security advisory regarding these types of certificate-based vulnerabilities and has also updated the security trust list within the WIndows operating system to remove user-mode trust for these certificates.

How to check your certificate store for potentially rogue certificates

This story raises the question of how to check the certificate store for other unexpected certificates which could compromise the security of the certifiates used by the computer. The Sysinternals Sigcheck tool by Microsoft’s Mark Russinovich is a useful utility in this situation. It can be used to check all the installed certificates on the local system and will identify any which are not trusted according to the Microsoft trusted root certificate list.

Sigcheck can be obtained from the Sysinternal website at the following URL:

https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck

Executing Sigcheck with the -tv operator will have Sigcheck download the trusted Microsoft root certificate list and only output valid certificates not rooted to a certificate on that list i.e. suspicious certificates.

A healthy report will produce the result: No certificates found.

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.

microsoft, Sysinternals, web browsers

Related Post

  • Microsoft Patches two zero-day Exploits

    By Mark Faithfull

    Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever releasedRead more

  • Internet Explorer zero-day RCE attack

    By Mark Faithfull

    Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10. TheRead more

  • microsoft office phishing

    Microsoft Office files increasing used as attack vector

    By Mark Faithfull

    In 2017 MS Office files accounted for just 5% of malicious email attachments – this jumped to 48% by the end of 2018 A recent report by Symantec reveals that Microsoft Office files are increasingRead more

  • microsoft patch tuesday december

    Death by PowerPoint and other vulnerabilities

    By Mark Faithfull

    Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-craftedRead more

  • PowerShell Patches security flaws

    By Mark Faithfull

    Microsoft has released patches for two security vulnerabilities in PowerShell which could allow a malicious script to circumvent the protection offered by Windows Defender Application Control. PowerShell is a cross-platform command-line shell used extensively inRead more

NextPrevious

Recent Posts

  • PowerShell Patches security flaws
  • LightBasin hacks telcos around the world
  • 2021 Digital Defense Report
  • Excel XLM Macros to be disabled by default – sometimes
  • October Security Updates

Tags

Adobe Android Apple Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DDoS Dell DNS Exchange Server exim fileless formjacking GDPR IoT Linux MacOS Meltdown microsoft ncsc Netgear patching penetration testing phishing ransomware RDP security breach Security operations security testing SIEM software development Spectre supply chain attacks Sysinternals Tomcat vulnerability management web applications web browsers wireless

Archives

  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam