Lenovo Flaw Could Let Hackers Bypass Fingerprint Scanners On Some PCs

Anyone currently using one of a select number of Lenovo's ThinkPad, ThinkStation and ThinkCentre systems should know that there's an important vulnerability that needs to be fixed, one that earns a high severity level in Lenovo's own security advisory.


That's because, hidden within Lenovo's Fingerprint Manager Pro software, there's a flaw on machines running Windows 7, 8 and 8.1 that could potentially let a hacker log in to your computer using a hardcoded password, bypassing the fingerprint scanner, and even decrypt your current Windows credentials.

According to Lenovo, "A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in."

Thankfully, this vulnerability was only exploitable by those with local access to the system, meaning that any attempts to bypass Lenovo's fingerprint security had to be done in person, rather than online. And as of Thursday, January 25, Lenovo has released an update (version number 8.01.87) that includes fixes for the various issues.

For a full list of the affected machines, see the list below.

ThinkPad L560

ThinkPad P40 Yoga, P50s

ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560

ThinkPad W540, W541, W550s

ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)

ThinkPad X240, X240s, X250, X260

ThinkPad Yoga 14 (20FY), Yoga 460

ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z

ThinkStation E32, P300, P500, P700, P900
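
One way to check a machine against the fixed version (8.01.87) and the affected Windows releases named above. This is an added example, not code from Lenovo or from the original article. The uninstall-entry name pattern is an assumption; the registry paths are the standard Windows uninstall locations.

```powershell
# Added example: report whether Fingerprint Manager Pro on this machine is
# older than the fixed release named in the article (8.01.87).
# Uses PowerShell 2.0 syntax so it runs on a stock Windows 7 install.

$FixedVersion = [version]'8.01.87'   # from the article; parses as 8.1.87

# Assumption: the product registers an uninstall entry whose DisplayName
# contains this text. Adjust the pattern if your inventory shows otherwise.
$NamePattern = '*Fingerprint Manager Pro*'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# The article lists Windows 7, 8 and 8.1 as affected: NT versions 6.1 to 6.3.
$os = [Environment]::OSVersion.Version
$osAffected = ($os.Major -eq 6) -and ($os.Minor -ge 1) -and ($os.Minor -le 3)

$entries = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern })

if ($entries.Count -eq 0) {
    Write-Output 'Fingerprint Manager Pro: no uninstall entry found.'
}

foreach ($e in $entries) {
    # A missing or malformed version string must not be read as "patched".
    $installed = $null
    if ($e.DisplayVersion) {
        try { $installed = [version]$e.DisplayVersion } catch { }
    }

    if ($installed -eq $null)              { $status = 'UNKNOWN: version not parseable, check by hand' }
    elseif ($installed -ge $FixedVersion)  { $status = 'OK: at or above the fixed version' }
    elseif ($osAffected)                   { $status = 'VULNERABLE: update to 8.01.87 or later' }
    else                                   { $status = 'OLD VERSION on an OS the article does not list' }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Product  = $e.DisplayName
        Version  = $e.DisplayVersion
        OS       = $os.ToString()
        Status   = $status
    }
}
```

The script only reads the registry, so it can be run from a non-elevated prompt or pushed through whatever remote-execution tooling the fleet already uses.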
