Lenovo recently rolled out what it is calling a critical update for a security flaw discovered in its ThinkPad Fingerprint Reader. The flaw was found by the company’s own security division, and Lenovo has acknowledged that it could allow hackers with malicious intent to bypass an older ThinkPad notebook’s security, gaining full access to the device’s login with a hard-coded password.
“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” said Lenovo with regard to the flaw.
Specifically, the flaw affects older ThinkPads running Microsoft’s Windows 7, Windows 8, and Windows 8.1. ThinkPads running the latest Windows 10 operating system (OS) are not affected, simply because they rely on the OS’s own built-in fingerprint authentication system.
Thankfully, however, it seems that the flaw can only be exploited via local access to the system, meaning that the hacker has to physically be in front of the affected notebook in order to take full advantage of it.
If you’re using one of the Lenovo systems listed below, we strongly urge you to download the Fingerprint Manager Pro update immediately:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P90