Security features

Built-in security features protect TC Bar devices, data, and communications across network, firmware, access control, and privacy aspects.

Encryption and authentication

To meet the increasing demand for security in AV and IT projects, Sennheiser developed the secure Sennheiser Sound Control Protocol (SSCv2). Among other security features, this protocol defines a REST API that allows the user to control the device using an end-to-end encrypted connection via TLS1.2 / TLS1.3 (HTTPS). In addition to encryption, SSCv2 also provides an authentication scheme. By using HTTP basic authentication, a compatible and well-established mechanism of username and password is employed to ensure that no unauthorized changes are made to the device’s settings and that no data is read from it. The SSCv2 protocol is used for secure communication from all Sennheiser Control Software and 3rd party API to the TC Bar.

The communication between the TC Bar and the Sennheiser DeviceHub cloud-based monitoring and device management tool uses MQTT network protocols over HTTPS. The communication is authenticated and encrypted using TLS 1.2 and higher. Devices must be enrolled to Sennheiser DeviceHub, using an enrollment code for device authentication.

The TC Bar supports Dante Media Encryption, allowing to safeguard media from interception or unauthorized access. The feature is available from firmware version 1.3.8 onwards and protects the content of media flows using AES-256 encryption. Visit the Dante documentation for more information.

Password protection

Sennheiser implements authentication methods on devices and software, to ensure that only authenticated users can access the devices on the network. The TC Bar is delivered with a strong, unique default password in the factory default state. This password is printed on the device label and is required for initial access. When accessing the TC Bar for the first time via the Local Web UI or during claiming of the device in Control Cockpit the default password must be changed before any configuration or monitoring.

  • The Local Web UI of the TC Bar device is protected by the current device password and requires authentication for access.
  • Sennheiser control software (Control Cockpit and DeviceHub) is protected by its own dedicated user authentication mechanisms and requires separate credentials, independent of the device password.
  • 3rd party integrations are disabled by default. They must be explicitly enabled and authorized by the user and require authentication using credentials defined within the respective 3rd party module.

Firmware updates

The TC Bars can be updated, ensuring that future vulnerabilities are resolved by providing security patches. To guard against malicious tempering, the devices implement a secure firmware update mechanism, ensuring that only authorized firmware signed by Sennheiser can be installed.

From firmware version 1.3.8 onwards, device downgrades are prevented to ensure security.

Brute force prevention

To safeguard against brute force attacks, the device implements a brute force prevention mechanism designed to limit unauthorized access attempts. This includes blocking IP addresses after repeated access attempts with invalid credentials.

Secure boot

The TC Bars are designed to start only with verified, trusted firmware, preventing execution of unauthorized code during the boot process.

Advanced networking options

The TC Bars support different network modes and, in the case of the TC Bar M, multiple network ports to allow IT and AV professionals to implement network isolation. In complex customer networks, the Sennheiser device can be connected to separate networks, isolating control traffic from media communication.

Physical security and privacy

The TC Bar is designed with physical security features, including a lens cap to protect the camera when it is not in use, and a Kensington lock slot to secure the device against theft.

Protect personal data

The TC Bar is designed with privacy in mind. The device does not store any personal data, helping to ensure that your privacy is protected. The Sennheiser Control Cockpit software also does not store any personal data.

The Sennheiser DeviceHub cloud monitoring tool stores only the personal data required for sign-up and login. No audio or video data is ever sent from a Sennheiser device to the Sennheiser DeviceHub. Only control information is transmitted to the cloud, namely device configuration and monitoring status. All Sennheiser DeviceHub processing of private data is carried out in compliance with GDPR. For more information, please see the Sennheiser DeviceHub privacy policy.