The Sennheiser utility HeadSetup has an apparent security glitch, so it’s time to not just upgrade to the latest version of the app if you’re using it, but to revoke its security certificate on your Mac. Here’s how to do it.
Actually, before I show you how to get rid of the possible bad root certificate, let’s start by putting this whole issue in context…
I have at least a half-dozen pair of Sennheiser headphones and my daily headphones are the gorgeous Sennheiser Momentum Wireless headphones. They sound wonderful, the active noise cancellation works great and they have long battery life. And even though they’re paired to my Mac and my iPhone, I’ve not only never used the “HeadSetup” app, I didn’t even know that Sennheiser had an application for the Mac or Windows platform available.
So while the usual news sources online are doing the clickbait “sky is falling” stories on this “shocking and dangerous” security threat, the fact is that the vast, vast majority of people who have Sennheiser headphones are completely immune from this problem because they never installed the app in the first place.
Now, with some context and rational thinking established, let’s go through the steps to remove the bad security certificate if you have it on your Mac system. At the end I’ll explain what to do if you want to check your Windows computer for this same potential vulnerability too.
To start, use Spotlight to launch your Keychain Access utility. Simply press Cmd-Space to get to the Spotlight search box (a handy shortcut to know!) and start typing:
As you can see, I’ve typed “keychai” and that’s enough for a correct match. Press Return or click on the matching program and it’ll open up a vital system security utility on your Mac:
Notice on the left that I’ve clicked on “System”. This is where the Sennheiser bad root certificate would exist if you have one or more on your system. But you don’t have to scroll – that’s so 90’s! – because you can search too. Just look for “Senn” (just those four letters).
Odds are very good you’ll get a result like I did:
That is, no matches. There. See, much ado about nothing. 🙂
WHAT IF YOU HAVE SENNCOMROOTCA?
Then again, perhaps you did find that there’s one or more matches. In fact, you might have this root certificate on your Mac system because at some point in the past you installed, ran, and then deleted the HeadSetup program. In that case, here are the steps you’ll need to do…
First, find the matching “SenncomRootCA” entry in System, as shown:
Select the SennComRootCA entry, then press DELETE on your keyboard.
Keychain Access will now step you through account validation prompts. Start by proving you have permission to modify your Mac system keychain:
Now that you’ve proved you have permission to modify your system keychain, you’ll need to confirm that you really do want to remove the Sennheiser HeadSetup root certificate SenncomRootCA too:
Proceed by clicking on the blue “Delete” button.
And one more confirmation:
That’s it. Now just go through the System Keychain a second time to see if there are any other Senncom certificates – it’s possible there’s also one associated with 127.0.0.1 – and once you’re sure that you’re clear, close Keychain Access.
WHAT ABOUT ON A WINDOWS COMPUTER?
If you have a Windows computer and think you might have run HeadSetup on that device, you should be okay as Windows doesn’t support the kind of root certificate that the Mac does (for now, at least). Still, it’s smart to step through the process and check you’re clear there too. Sennheiser posted a tutorial to make that easy: Remove Sennheiser Root Certificate from Windows Computer.
DONE. AND WELL DONE.
That’s it. No reason to panic, the sky is not falling, and odds are that only a handful of you readers will actually find any sort of Sennheiser certificate in your keychain on your Mac system. It’s too bad that reputable sites like Ars Technica, 9to5 Mac, Bit-Tech.net and Cyberscoop choose to instead use rhetorical flourishes to make it sound much worse than it actually proves to be. Modern times, modern news. Be safe, but be skeptical too.
Pro Tip: I also cover the Mac extensively and have hundreds of useful Mac tips and help pages on the site. Please check ’em out while you’re here. Thanks.