Skip to main content
Consumer
ProductsApplicationsStoriesLearnSupportAbout us
Consumer
/Commerce/Cart/CartIsClosedMessage
Product Security at Sennheiser

Product Security at Sennheiser

At Sennheiser, we prioritize our customers' security and are dedicated to being a dependable and trustworthy partner. We are committed to addressing the security needs of our customers, particularly our corporate and higher education clients, while staying ahead of upcoming security regulations. Our security features are being progressively integrated into our portfolio and will be included in new relevant solutions.

Security Principles

Dedicated product security team

Our dedicated product security team establishes requirements and security standards, and oversees their conceptualization and implementation.

Security by design

At Sennheiser we implement the Security by design approach into our development lifecycle. By introducing security early on, we can ensure that our products meet the latest industry standards and are more resilient to upcoming threats.

Security by Default

We utilize Security by Default, while aiming to balance robust security in our products' default settings with user-friendly design

Software Development Lifecycle

We follow best practices for secure Software Development Lifecycle (SDLC) and information security.

Internal and external security evaluations

We perform internal and external security evaluations and testing, and continuously work to identify potential vulnerabilities while offering security patches as early as possible to our customers.

Vulnerability handling process

We have a vulnerability handling process to act promptly on vulnerabilities in our products.

  • Dedicated product security team

    Our dedicated product security team establishes requirements and security standards, and oversees their conceptualization and implementation.

  • Security by design

    At Sennheiser we implement the Security by design approach into our development lifecycle. By introducing security early on, we can ensure that our products meet the latest industry standards and are more resilient to upcoming threats.

  • Security by Default

    We utilize Security by Default, while aiming to balance robust security in our products' default settings with user-friendly design

  • Software Development Lifecycle

    We follow best practices for secure Software Development Lifecycle (SDLC) and information security.

  • Internal and external security evaluations

    We perform internal and external security evaluations and testing, and continuously work to identify potential vulnerabilities while offering security patches as early as possible to our customers.

  • Vulnerability handling process

    We have a vulnerability handling process to act promptly on vulnerabilities in our products.

Security Features


Sennheiser products are built around the needs of our cherished AV and IT professional users. We are continuously evaluating and evolving our products to make sure we offer all essential security features. The following features are gradually rolled out in parts of our portfolio and will be available in all new relevant solutions.
 
Encryption for Confidentiality
To meet the increasing demand for security in AV and IT projects, Sennheiser developed the secure Sennheiser Sound Control Protocol for secure control of our devices. It is an encrypted REST API allowing the user to control the device using HTTPS commands and integrate products in every IT environment. It offers end-to-end security, utilizing TLS.
 
Selected wireless microphone products support wireless link audio encryption, based on AES 256. This standard is recommended by NIST and widely used in multiple industries including AV
 
Authentication and Authorization for Access Control
Sennheiser implements authenticated methods on our devices and software, to ensure that only authenticated users can access the devices on the network and that devices are secured end-to-end.

  • Most Sennheiser software solutions which are accessible on the network, are password protected by default.

  • All the latest Sennheiser devices must be claimed and password protected before allowing configuration or monitoring.

  • 3rd party integrations are disabled by default. They must be explicitly enabled, authorized by the user and authenticated in the 3rd party module.

  • 802.1x is supported to allow IT professionals the state-of-the-art control mechanism for network authentication. It allows the configuration of which devices can communicate on their internal networks.
 
Firmware updates
  • All network connected Sennheiser devices are updatable, thus ensuring that future vulnerabilities can be resolved by providing security patches.

  • The devices utilize a secure firmware update, ensuring that only authorized firmware is executed.

  • Sennheiser monitors for vulnerabilities and aims to provide security patches in a timely manner. Please always keep your systems up-to-date.
 
Advanced networking options
Sennheiser provides multiple network ports on our products to allow IT and AV professionals to utilize network isolation. In complex customer networks, the Sennheiser device can be connected to separate networks, isolating control from media communication.
 
For security sensitive applications and additional flexibility, customers also have the option to use analog audio on selected products and disconnect their devices from the network altogether.
 
 

Vulnerability Handling Policy

 
If you want to report a vulnerability in a Sennheiser product
 
Our vulnerability handling process
  • Sennheiser has a dedicated product security team which, upon discovering internally or receiving a reported vulnerability, will investigate and determine its applicability, severity and impact.

  • In case it is applicable, the vulnerability and fixing proposals are coordinated with the respective development team.

  • The security update will be communicated in the firmware and software release notes.  Severe vulnerabilities will also be communicated on the product website.

  • Customers are urged to check the release notes and to always keep their systems up to date.

  • Sennheiser is committed to fix and communicate vulnerabilities in a timely manner.