Skip to content

January 31, 2018

Lenovo’s fingerprint scanner software is broken, update it today

by John_A

There is a lot of bad news lately when it comes to the security of our PCs and other devices. All kinds of nefarious parties want to break into our machines and access our most vital personal and professional information. That is what makes recent advances in biometric security, such as fingerprint scanners and facial recognition, so welcome. It’s also what makes it so disturbing when there is a flaw in those systems, as was recently the case with Lenovo’s Fingerprint Manager Pro software.

Fingerprint Manager Pro is a Windows 7, 8, and 8.1 utility that enables the fingerprint scanner on certain Lenovo systems to match a user’s fingerprint and use it to log into the machine as well as to authenticate to websites without needing to type in a password. As Lenovo indicates in a recent support bulletin, versions of the utility older than 8.01.87 are vulnerable to attack thanks to a weak algorithm and a hard-coded password — leaving sensitive data accessible to any user with local non-administrative access to a machine.

It is important to note that Windows 10 machines are unaffected, thanks to Microsoft’s built-in fingerprint reader support. If you’re using Windows 10 Hello on a Lenovo system, therefore, you have nothing to worry about.

This isn’t the first time that Lenovo’s fingerprint software has suffered from a lapse in security. In early 2016, the Lenovo Fingerprint Manager and Touch Fingerprint Software utilities were vulnerable to a local privilege escalation that allows users to gain administrator rights when running applications.

Here is a list of the affected systems:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Go update the Lenovo Fingerprint Manager Pro utility today. You can download it here, and then install it as soon as you can to make sure your sensitive data remains protected. While you’re at it, you can check out all of Lenovo’s security advisories here to make sure you’re not exposed.

Editors’ Recommendations

  • Synaptics’ Clear ID puts the fingerprint sensor under your smartphone’s display
  • Older Windows 10 devices susceptible to Windows Hello face spoofing
  • Lenovo revs up the ThinkPad X1 line with Intel 8th-gen, HDR displays, and Alexa
  • How to speed up Windows in a few easy steps
  • How to factory reset Windows and make your PC new again

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: