Lenovo has issued a high-severity security advisory warning of flaws in a number of its devices. The issues are found in the company’s Fingerprint Management Pro software, potentially allowing a hacker with local access to bypass biometric security and log into a computer.
Lenovo has listed its ThinkPad, ThinkCentre, and ThinkStation models that may be running the application. The good news is that it was only used on devices running Windows 7, 8, and 8.1, so those with Windows 10, which uses Microsoft’s built-in fingerprint reader support, don’t have to worry.
According to Lenovo, sensitive data—including Windows login credentials and fingerprint data—stored by its security program is encrypted using a weak algorithm. The software also contains a hard-coded password, which could allow someone who discovered this password to decrypt the data and access the computer.
While the software is only present on Windows 7/8/8.1 devices, there are still plenty of businesses and consumers who use Lenovo’s laptops with these versions of the OS. Thankfully, the flaws can’t be exploited remotely; a hacker would require physical access to a device.
Lenovo has released an update for its Fingerprint Management Pro software (version number 8.01.87) that addresses the issues in affected machines. Anyone who owns one of the devices listed below and hasn’t yet upgraded to Windows 10 should download the fix as soon as possible.
• ThinkPad L560
• ThinkPad P40 Yoga, P50s
• ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
• ThinkPad W540, W541, W550s
• ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
• ThinkPad X240, X240s, X250, X260
• ThinkPad Yoga 14 (20FY), Yoga 460
• ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
• ThinkStation E32, P300, P500, P700, P900
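
To check whether a machine still needs the 8.01.87 update, the installed version can be read from the Windows uninstall registry keys. The script below is an added example, not part of Lenovo's advisory; the display-name pattern is an assumption to adjust against your own inventory, and it avoids newer PowerShell features so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Fixed version stated in the article.
$FixedVersion = [version]'8.01.87'

# Assumption: the product's DisplayName in the uninstall registry matches this
# pattern. Confirm the exact name on one known machine and adjust if needed.
$NamePattern = '*Fingerprint Manag*'

# Check both the native and the 32-bit (WOW6432Node) uninstall hives.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FingerprintSoftwareStatus {
    param(
        [version]$Fixed = $FixedVersion,
        [string]$Pattern = $NamePattern
    )

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            $entry = $_
            # DisplayVersion may be missing or not parseable as a version.
            try   { $installed = [version]$entry.DisplayVersion }
            catch { $installed = $null }

            if ($null -eq $installed)       { $status = 'Unknown version, check manually' }
            elseif ($installed -lt $Fixed)  { $status = 'Needs update' }
            else                            { $status = 'At or above fixed version' }

            New-Object PSObject -Property @{
                Computer  = $env:COMPUTERNAME
                Name      = $entry.DisplayName
                Installed = $entry.DisplayVersion
                Status    = $status
            }
        } |
        Select-Object Computer, Name, Installed, Status
}

# No output means no matching product was found in either hive.
Get-FingerprintSoftwareStatus | Format-Table -AutoSize
```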