Product Security at Sennheiser

At Sennheiser, we prioritize our customers' security and are dedicated to being a dependable and trustworthy partner. We are committed to addressing the security needs of our customers, particularly our corporate and higher education clients, while staying ahead of upcoming security regulations. Our security features are being progressively integrated into our portfolio and will be included in new relevant solutions.

Security Principles

Dedicated product security team

Our dedicated product security team establishes requirements and security standards, and oversees their conceptualization and implementation.

Security by design

At Sennheiser we implement the Security by design approach into our development lifecycle. By introducing security early on, we can ensure that our products meet the latest industry standards and are more resilient to upcoming threats.

Security by Default

We utilize Security by Default, while aiming to balance robust security in our products' default settings with user-friendly design

Software Development Lifecycle

We follow best practices for secure Software Development Lifecycle (SDLC) and information security.

Internal and external security evaluations

We perform internal and external security evaluations and testing, and continuously work to identify potential vulnerabilities while offering security patches as early as possible to our customers.

Vulnerability handling process

We have a vulnerability handling process to act promptly on vulnerabilities in our products.

Dedicated product security team
Our dedicated product security team establishes requirements and security standards, and oversees their conceptualization and implementation.
Security by design
At Sennheiser we implement the Security by design approach into our development lifecycle. By introducing security early on, we can ensure that our products meet the latest industry standards and are more resilient to upcoming threats.
Security by Default
We utilize Security by Default, while aiming to balance robust security in our products' default settings with user-friendly design

Security Features

Sennheiser products are built around the needs of our cherished AV and IT professional users. We are continuously evaluating and evolving our products to make sure we offer all essential security features. The following features are gradually rolled out in parts of our portfolio and will be available in all new relevant solutions.

Encryption for Confidentiality

To meet the increasing demand for security in AV and IT projects, Sennheiser developed the secure Sennheiser Sound Control Protocol for secure control of our devices. It is an encrypted REST API allowing the user to control the device using HTTPS commands and integrate products in every IT environment. It offers end-to-end security, utilizing TLS.

Selected wireless microphone products support wireless link encryption, and some also support Dante Media Encryption — both based on AES 256. This encryption standard is recommended by NIST and widely used across industries including AV. Support for Dante Media Encryption will also be extended to our ceiling microphones and TeamConnect Bars in the near future.

Authentication and Authorization for Access Control

Sennheiser implements authenticated methods on our devices and software, to ensure that only authenticated users can access the devices on the network and that devices are secured end-to-end.

Most Sennheiser software solutions which are accessible on the network, are password protected by default.
All the latest Sennheiser devices must be claimed and password protected before allowing configuration or monitoring.
3rd party integrations are disabled by default. They must be explicitly enabled, authorized by the user and authenticated in the 3rd party module.
802.1x is an important industry standard for secure network authentication. It is already available on selected Sennheiser products, and we are extending support across our current portfolio. All future Business Communication products will support 802.1x, enabling IT professionals to configure precisely which devices can communicate on their internal networks.

Firmware updates

All network connected Sennheiser devices are updatable, thus ensuring that future vulnerabilities can be resolved by providing security patches.
The devices utilize a secure firmware update, ensuring that only authorized firmware is executed.
Sennheiser monitors for vulnerabilities and aims to provide security patches in a timely manner. Please always keep your systems up-to-date.

Advanced networking options

Sennheiser provides multiple network ports on our products to allow IT and AV professionals to utilize network isolation. In complex customer networks, the Sennheiser device can be connected to separate networks, isolating control from media communication.

For security sensitive applications and additional flexibility, customers also have the option to use analog audio on selected products and disconnect their devices from the network altogether.

Vulnerability Handling Policy

If you want to report a vulnerability in a Sennheiser product

Please use the form: https://help.sennheiser.com/hc/en-us/requests/new
Select “I want to report a security issue with a product or software”

Our vulnerability handling process

Sennheiser has a dedicated product security team which, upon discovering internally or receiving a reported vulnerability, will investigate and determine its applicability, severity and impact.
Sennheiser responds within 7 working days upon receiving reported vulnerabilities and will provide updates on the status of confirmed vulnerabilities in a timely manner
In case it is applicable, the vulnerability and fixing proposals are coordinated with the respective development team.
The security update will be communicated in the firmware and software release notes. Severe vulnerabilities will also be communicated on the product website.
Customers are urged to check the release notes and to always keep their systems up to date.
Sennheiser is committed to fix and communicate vulnerabilities in a timely manner.

TeamConnect Bar Security White Paper

View White Paper

EW-DX Security Configuration Guide

Download Guide

Spectera Security Guide

View Spectera Security Guide