PSA: If you’ve ever used a Sennheiser headset with your Mac, it is wide open to attack

If you’ve ever used a Sennheiser headset or speakerphone device with your Mac (or Windows PC), the accompanying HeadSetup app has left your machine wide open to attack.

In what has been described as a ‘monumental security blunder,’ the app allows a bad actor to successfully impersonate any secure website on the Internet …

ArsTechnica explains.

To allow Sennheiser headphones and speaker phones to work seamlessly with computers, HeadSetup establishes an encrypted Websocket with a browser. It does this by installing a self-signed TLS certificate in the central place an operating system reserves for storing browser-trusted certificate authority roots. In Windows, this location is called the Trusted Root CA certificate store. On Macs, it’s known as the macOS Trust Store.

The critical HeadSetup vulnerability stems from a self-signed root certificate installed by version 7.3 of the app that kept the private cryptographic key in a format that could be easily extracted. Because the key was identical for all installations of the software, hackers could use the root certificate to generate forged TLS certificates that impersonated any HTTPS website on the Internet. Although the self-signed certificates were blatant forgeries, they will be accepted as authentic on computers that store the poorly secured certificate root. Even worse, a forgery defense known as certificate pinning would do nothing to detect the hack.

Although the app encrypted the key with a passphrase, the passphrase itself (SennheiserCC) was stored in plaintext in a configuration file.

“It took us a few minutes to extract the passphrase from the binary,” Secorvo researcher André Domnick told Ars. From then on, he effectively had control of a certificate authority that any computer that had installed the vulnerable Sennheiser app would trust until 2027, when the root certificate was set to expire. Domnick created a proof-of-concept attack that created a single certificate […] that spoofed Google, Sennheiser, and three of Sennheiser’s competitors.

Even if you later uninstalled the app, the certificate would still be trusted. All Mac users who have ever used the HeadSetup app should manually uninstall the certificate by following Sennheiser’s instructions. (The instructions leave out the first step, which is to ensure you’re in the Finder.)

If you still use the app, you can download the latest version of HeadSetup, which should also delete the vulnerable certificate, but the safest option would be to do it manually as above first.
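Because the root stays trusted after the app is uninstalled, one way to confirm a machine is clean is to compare its trust store against a known-good baseline. The sketch below is an added example, not part of the original article or of Sennheiser's instructions: it assumes both stores have been exported as PEM bundles (on macOS, for instance, with `security find-certificate -a -p`), and the certificates embedded in it are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    found = set()
    for body in PEM_RE.findall(pem_bundle):
        # Strip line breaks, then decode strictly so a damaged export fails loudly.
        der = base64.b64decode("".join(body.split()), validate=True)
        found.add(hashlib.sha256(der).hexdigest())
    return found


def unexpected_roots(current_bundle, baseline_bundle):
    """Fingerprints trusted on this machine that the baseline does not contain."""
    return sorted(fingerprints(current_bundle) - fingerprints(baseline_bundle))


def constructed_pem(placeholder_bytes):
    """Wrap placeholder bytes in PEM armour (constructed sample, not a real cert)."""
    b64 = base64.b64encode(placeholder_bytes).decode()
    return ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample data: a two-root baseline, and the same store after a
# vendor app has added its own root.
BASELINE = (constructed_pem(b"constructed root A " * 20)
            + constructed_pem(b"constructed root B " * 20))
APP_ROOT = b"constructed vendor-app root " * 20
CURRENT = BASELINE + constructed_pem(APP_ROOT)

if __name__ == "__main__":
    for fp in unexpected_roots(CURRENT, BASELINE):
        print("trusted root not in baseline:", fp)
```

Any fingerprint it reports is a root that was added after the baseline was taken and should be reviewed before it is left in the store.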

[“source=forbes”]

Antlion ModMic 5 review: The best headset mic you can get, but is it worth it?

Antlion Modmic 5

“Why buy a headset when you could just buy a great pair of headphones and a good microphone for the same price?” So goes the conventional wisdom in comment sections around the world, every time someone dares to suggest that a gaming headset might not be so bad a purchase.

But what if the self-professed audiophiles are right? And what if you could get the same form factor as a headset, but with any top-tier pair of headphones? Wouldn’t that be a better deal?

We went hands on with the ModMic to find out.

(See our roundup of best gaming headsets for a thorough comparison of headset solutions.)

Hand in hand

ModMic isn’t new by any means. Since 2011, Antlion Audio has done one thing and done it well: It’s allowed gamers to take their high-end headphones, attach a microphone on the side, and thus get great sound with (most of) the convenience of a dedicated gaming headset.

It works exactly as you’d expect, basically. The ModMic costs $69.95 on Amazon and arrives in a tiny little box. After all, it’s just a microphone. Nothing too surprising here. Inside the box is a padded carrying case, and inside the case is the mic itself, along with a bundle of cables.

Antlion Modmic 5

IDG / Hayden Dingman

You then take the ModMic and affix it to the side of your headphones, probably the left ear as is standard. A bit of 3M double-sided tape holds it in place, and…that’s it. Your headphones are now a headset.

It’s a somewhat permanent installation, which can be a bit hair-raising when you’re talking about audiophile headphones. The Sennheiser HD 280s I had lying around aren’t even that nice, but I did hesitate as I affixed the ModMic to the outside. “Am I okay with this? Forever?”

The good news is that it’s somewhat permanent. The ModMic is actually two pieces. The larger piece is the mic itself, along with the boom arm. But the part that’s actually affixed to your headphones is just a small disc, about the size of a dime. The microphone attaches magnetically to the disc, so you’re free to remove the bulk whenever you’d like. All that’s left over is the weird magnetic rivet on the outside (as seen in the image below).

The next challenge is cable routing. With a headset, you usually have both your audio and mic cables combined into one, at least until they reach the PC. With the ModMic, you obviously don’t have that luxury. Instead you run a second 3.5mm cable from the ModMic to your computer, with the option to insert a mute toggle in the middle.

Our ModMic review unit came supplied with some cable sheaths, in order to wrap the ModMic and headphone cables together. The problem is that the HD 280s use a coiled, telephone-style cable for most of their length, so I was only able to wrap the top section effectively. The result was a bit of a mess, aesthetically. With other headphones that use conventional cables, you’d probably achieve a relatively sleek result.

Still, overall, a dedicated headset is going to win out aesthetically. No surprise there—that’s why they exist. Combining headphones and a microphone into a single device allows for a more elegant and efficient design.

Testing, testing

But what about performance? After all, that’s what people are talking about when they say you should separate your headphone and microphone purchases. The theory is that you could buy audiophile-grade equipment in both categories for the price of a single, middling headset.

[“source=PCworld”]

Razer Nari Ultimate review: This haptics-enabled gaming headset lets you literally feel the groove

There’s one area where PC gamers get consistently overlooked: haptics. Haptic feedback (or rumble, in the vernacular) has been a mainstay of console gaming for almost two decades now, and for good reason. Smart usage can both increase immersion and provide invaluable feedback to players, e.g. letting you feel the moment digital tires lose traction on slick asphalt, or warning that an enemy’s shooting at you.

There have been a few experiments, like SteelSeries’s Rival 500—a mouse with built-in haptics. But it’s hard to make a mouse with rumble because it’s bound to affect your aim, and keyboards are too large and heavy to effectively produce the effect.

That leaves us with headsets. Razer’s the latest company to explore this space, this week revealing the new flagship Nari Ultimate. Get ready for sound that rattles your bones, quite literally.

This review is part of our roundup of best gaming headsets. Go there for details on competing products and how we tested them.

Float on

As I said, Razer’s not the first company to explore this haptic headset space. I actually reviewed one such headset a few years ago, the GX Gaming Cavimanus, and once upon a time Mad Catz also dabbled in similar ideas with the FREQ 4D.

It’s a popular gimmick. What better way to make bass feel more intense than to literally vibrate your skull, right? Feel the explosions. Feel the gunshots. Feel the rumble of that V8 engine.

Razer Nari Ultimate

IDG / Hayden Dingman

The Nari Ultimate might be the first to make haptics feel like more than a gimmick though, for a number of reasons.

First and foremost, Razer made a comfy headset. The Nari Ultimate lifts design cues from a number of Razer products without fully matching any. It uses the Thresher’s floating headband design, two metal arcs above another wrapped in both leatherette and sports mesh (on the inside edge). The earcups are similar to those of the Razer Kraken, generously padded and with cooling gel on the inside. And it’s a wireless headset, so the Nari Ultimate duplicates the on-ear controls from the Razer Man O’ War of course.

It’s Razer’s most comfortable headset. Like all floating headband models, it can feel too loose at times—tilting my head forward or back results in noticeable slippage. But I can (and did) wear the Nari Ultimate all day long, no problem.

The cooling gel is fascinating as well. Like built-in haptics, Razer isn’t first to this idea either—I know Turtle Beach did something similar a few years back, and I wouldn’t even swear that was the originator. The effect is subtle, but when you first don the Nari Ultimate the ears are noticeably cooler than the usual leatherette or sports mesh surface.

Unfortunately the effect doesn’t last long. You’ve got maybe 15 or 20 minutes before the ears heat up to your skin temperature; taking the headset off for a brief period rapidly cools it again. Those dedicated to cold ears can also take the padding off and throw it in the fridge for a bit. And maybe you should, because if I have one complaint about the Nari Ultimate, it’s that once it heats up, your ears really sweat.

Aside from its heat-trap tendencies though, the Nari Ultimate’s a smart little device. It even copies over one of my favorite tricks from the Man O’ War, which is that you can store the USB dongle in the bottom of the right earcup when not in use. As someone who’s lost quite a few dongles over the years, I’ll never stop being grateful for this small courtesy. The volume wheel rounds out the right ear, while the power button, MicroUSB charging slot, a 3.5mm jack, mic mute, and chat-mix are found on the left ear.

Note that you can use the Nari Ultimate with a 3.5mm aux cable unpowered, though obviously you lose the haptic effects. Keep it in mind regardless, as battery is one of the other weak points—haptics and lighting reduce the Nari Ultimate to a piddling eight hours of runtime. (It’s “up to” 20 with both features disabled.)

Ain’t that a kick in the head

But the haptics. That’s why we’re here, right? Sure it’s comfortable, and sure it’s got cooling gel in it, but those aren’t the features to justify spending $200 on a headset. Certainly not one by Razer. Even if you think Razer’s audio quality is worth $200 (questionable), you can undoubtedly get that same sound from Razer’s recently refreshed Kraken lineup or the lower-price Nari variants, all of which lack haptics.

Razer calls it HyperSense. It was designed by Lofelt, a company experimenting in haptic effects for VR, phones, headsets, and more. HyperSense differs from previous haptic-equipped headsets in two key ways: It operates across the entire LFE range of 20Hz to 200Hz, and it’s processed in stereo.

What that means for you, the wearer, is nuance. A lot of haptic devices are binary, either on or off, but a few (like the Xbox One controller’s triggers) are capable of more sophisticated feedback—so you can for instance, as I said in the intro, tell when your digital tires have lost traction. The Nari Ultimate is the first headset I know of to fall into this camp.

I find it easiest to notice in music, where there are a lot of easily distinguishable elements. You’ll get a thick oomph of haptic feedback for the kick drum, a rumble for any low-end synths, and maybe a bouncy bit with some haptic reverb for the bass guitar. And the Nari Ultimate’s drivers are sophisticated enough that it can layer all these different rumbles on top of each other.

Jumping over to games then, maybe you drive around Forza Horizon 4 in an angry-sounding dune buggy, tires rumbling over dirt roads, and with the lush EDM soundtrack blasting above the din. Again, you’ve got three different sounds all contributing to the Nari Ultimate’s haptics in tandem. And as I said earlier, the Nari Ultimate works in stereo.

That’s an important aspect to separating out the various elements as well, and one that’s not so prevalent in music (because low-frequency instruments are usually mixed in the center). So in Horizon you might feel the kick of the soundtrack’s bass drum in the center, and probably the engine most of the time. Turn to the right however, and you might feel that tire rumble slide in that direction—or vice versa, if you swing wide.

It also comes into play in shooters. If you’re getting shot from the left, expect to feel a small kick on that side of your face. Intensity depends on the amount of bass, so a grenade going off will field a slightly larger kick usually, and so on. It’s a neat trick, and one I haven’t seen in other haptic-enabled headsets.

My biggest issue is that the intensity of the haptics is dependent on volume. The louder the headset, the more intense the vibration—and Razer apparently wants you to go deaf. If you listen to the Nari Ultimate at normal, safe levels you will barely notice the haptics exist. Call me an old man, but protecting your hearing is important. There’s an option to crank the intensity in Razer’s Synapse software and I suggest you do so immediately. In my opinion it should default to a higher level, or at least not roll off the haptic effects so sharply as you decrease volume.

As for the actual audio quality? It’s pretty solid. Razer’s sound profile isn’t my favorite, and the Nari Ultimate is certainly heavy on bass—probably to be expected, given the haptic effects. But both music and games sound relatively clear, with the mid-range and low-end coming through nicely. There’s a bit of a hollow feel to the center channel at times, but like the Man O’ War, the left/right stereo play is fantastic, and in games I find that’s usually a more important factor. Regardless, Razer’s slowly but surely closing the gap between it and companies like HyperX and Logitech.

The microphone is surprisingly decent too. Voice reproduction is good, as is noise isolation. I miss the dedicated mic volume wheel from the Man O’ War though, and the mute button’s too small by half.

Bottom line

The main sticking point is the price. The standard Nari (no surname), the mid-tier entry, runs for $150 and includes every feature from the Ultimate except the haptics. Is a bit of face-rumble worth $50? And for that matter, does the standard Nari compete with devices in its price tier like Logitech’s G533 and SteelSeries’s Arctis 7?

I’d answer yes and no, respectively. The $150 Nari is a tougher sell, and I think you’re probably better going with the G533 or even the Arctis 7 (or a wired headset for half the cost). But the Nari Ultimate’s haptics are seriously neat. Still a gimmick? Sure, maybe—but one I could see taking off. The PC is desperately in need of some haptic devices that aren’t as goofy as the various vests and so-on out there. The headset seems like a smart place to start, and evidently a bunch of other manufacturers have agreed in the past.

The Nari Ultimate is simply the first one that has the tech to make it stick. Feeling the rumble of a tank in the distance or a fat ol’ synth kick in—it’s completely unnecessary, even outright dumb at times, but adds a lot to the listening experience all the same.

[“source=PCworld”]