Fingerprint sensors have now become a common norm amongst smartphone devices. However, the actual use of technology on consumer devices dates back to the time when OEMs such as HP and Lenovo started using fingerprint sensors on their devices.
While Microsoft has made things easier for manufacturers with the launch of Windows Hello on Windows 10, a biometric security framework that embraces face recognition and fingerprint scanning among other authentication methods, OEMs were earlier forced to implement their own security measures. Sadly though, it has been reported that Lenovo’s security measures for their fingerprint sensors weren’t up to the mark.
According to Lenovo, its fingerprint manager software has a vulnerability that could potentially give hackers easy access to those computers, even when user credentials are encrypted. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows login credentials and fingerprint data, is encrypted using a weak algorithm and is accessible to all users with local non-administrative access to the system it is installed in.
Furthermore, all this information has a hard-coded password. Anyone who finds out that password will be able to decrypt that data and gain access to the PC.
Fortunately, the aforementioned bug is present only on ThinkPad laptops running a version of Windows older than Windows 10, namely, 7, 8, and 8.1. While many people have already updated their devices to Windows 10, it is understandable that there are still a bunch of users who prefer to rely on the previous-gen OS. As a result, Lenovo has rolled out v8.01.87 of Lenovo Fingerprint Manager Pro to protect against these threats. Below is the list of models affected by this bug:
• ThinkPad L560
• ThinkPad P40 Yoga, P50s
• ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
• ThinkPad W540, W541, W550s
• ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
• ThinkPad X240, X240s, X250, X260
• ThinkPad Yoga 14 (20FY), Yoga 460
• ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
• ThinkStation E32, P300, P500, P700, P900
Users who have updated to Windows 10 need not worry since the device is already making use of the Windows Hello feature to protect against threats and hacks.