Lenovo Issues Software Update For Serious ThinkPad Fingerprint Reader Security Exploit

by Brandon Hill — Monday, January 29, 2018, 04:29 PM EDT

If you have an older ThinkPad, ThinkCentre or ThinkStation PC with an integrated fingerprint reader, you might want to download Lenovo's latest software update. The company has acknowledged that a flaw in its Fingerprint Management Pro software could allow a malicious actor with physical access to your device login with a hard-coded password, bypassing the fingerprint reader.

Lenovo says that the flaw affects Lenovo machines running Windows 7, Windows 8 and Windows 8.1. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo writes in a new support document.

It should be noted that Lenovo PCs running Windows 10 are not affected by this exploit, as they rely on that operating system's own built-in fingerprint authentication system. The following Lenovo systems are affected by the Fingerprint Manager Pro security exploit:

ThinkPad L560
ThinkPad P40 Yoga, P50s
ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
ThinkPad W540, W541, W550s
ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
ThinkPad X240, X240s, X250, X260
ThinkPad Yoga 14 (20FY), Yoga 460
ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
ThinkStation E32, P300, P500, P700, P900

Users of these devices are encouraged to download Fingerprint Manager Pro version 8.01.87 immediately.

Tags: Lenovo, ThinkPad, ThinkStation, thinkcentre, fingerprint-sensor

Lenovo Issues Software Update For Serious ThinkPad Fingerprint Reader Security Exploit

Login with Social Media or Manually