Lenovo laptop lovers urged to update due to fingerprint reader flaw

If you work from a laptop computer, there's a pretty good chance it's a Lenovo. The company's ThinkPad and IdeaPad lines are popular with businesses. Lenovo revealed late last week that a huge portion of those machines have a potentially serious security flaw. If your Lenovo machine has a fingerprint sensor and is running Windows 7, 8, or 8.1, keep reading.

Lenovo is asking owners of certain ThinkPad, ThinkStation and ThinkCentre machines to patch their systems after finding that its Fingerprint Manager Pro software has a batch of serious security flaws. The most painful among these is a hard-coded password that could grant "all users with local non-administrative access" access to fingerprint reader data and Windows logon credentials.

If your system isn't Think-branded, you're safe. Otherwise, you'll need to pay attention to this disclosure and patch your system, though there's a caveat. If you're running a fully updated Windows 10, your system isn't vulnerable. Microsoft built fingerprint reader support into Windows 10, so Lenovo's Fingerprint Manager Pro software shouldn't be running on your system. The full list of vulnerable systems follows:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

The PC maker credited Jackson Thuraisamy of Security Compass for identifying this critical flaw. It's a pretty nasty one, but it's an easy fix for most. The laptops and tablets the company had on display at CES, on the other hand, should be unaffected.
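
A local check for the conditions described above (listed model, Windows 7/8/8.1, Fingerprint Manager Pro installed), added here as an example; it is not Lenovo's tooling or part of the original article. It assumes the product registers an uninstall entry whose display name contains "Fingerprint Manager Pro" and that Lenovo's WMI fields hold the model name and machine type as noted in the comments; the function name is hypothetical.

```powershell
# Added triage example; PowerShell 2.0 syntax so it runs on a stock Windows 7 install.
# Model names from the article's list, matched exactly (case-insensitive).
$models  = 'L560','P40 Yoga','P50s','T440','T440p','T440s','T450','T450s','T460',
           'T540p','T550','T560','W540','W541','W550s','X240','X240s','X250',
           'X260','Yoga 460' | ForEach-Object { "ThinkPad $_" }
$models += 'M73','M73z','M78','M79','M83','M93','M93p','M93z' |
           ForEach-Object { "ThinkCentre $_" }
$models += 'E32','P300','P500','P700','P900' | ForEach-Object { "ThinkStation $_" }
# Entries the article identifies by machine type (X1 Carbon, Yoga 14).
$machineTypes = '20A7','20A8','20BS','20BT','20FY'

function Get-FingerprintManagerExposure {   # hypothetical name
    $os      = Get-WmiObject Win32_OperatingSystem
    $product = Get-WmiObject Win32_ComputerSystemProduct
    $system  = Get-WmiObject Win32_ComputerSystem

    # Assumption: Lenovo stores the friendly name ("ThinkPad T450s") in
    # Win32_ComputerSystemProduct.Version and begins Win32_ComputerSystem.Model
    # with the four-character machine type.
    $name = "$($product.Version)".Trim()
    $type = "$($system.Model)".Trim()
    if ($type.Length -ge 4) { $type = $type.Substring(0, 4) }
    $listed = ($models -contains $name) -or ($machineTypes -contains $type)

    # Windows 7, 8 and 8.1 report versions 6.1, 6.2 and 6.3; Windows 10 reports 10.0.
    $ver = [version]$os.Version
    $legacyOs = ($ver.Major -eq 6) -and ($ver.Minor -ge 1)

    # Search both the native and the 32-bit uninstall hives for the product.
    # Assumption: its DisplayName contains "Fingerprint Manager Pro".
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $installed = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Fingerprint Manager Pro*' })

    New-Object PSObject -Property @{
        Model            = $name
        MachineType      = $type
        OnArticleList    = $listed
        OsVersion        = $os.Version
        LegacyWindows    = $legacyOs
        InstalledProduct = ($installed | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" })
        # Per the article: affected when the software is present on Windows 7/8/8.1.
        NeedsPatch       = $legacyOs -and ($installed.Count -gt 0)
    }
}

Get-FingerprintManagerExposure | Format-List
```

The installed version is reported rather than judged, because the article does not state which release contains the fix; compare it against Lenovo's advisory.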

Comments closed
    • Chrispy_
    • 2 years ago

    As a business, it’s my responsibility to ensure that no OEM bloatware is installed on any company laptops.

    The first thing to do with any Lenovo (especially consumer ones) is secure-erase the hard drive.

      • UberGerbil
      • 2 years ago

      Which works except when the BIOS continues to run / reinstall executables without your consent.

        • tipoo
        • 2 years ago

        Ew, they do that? I’ve heard of the recovery partition baking in the crapware but not the BIOS forcing it.

    • just brew it!
    • 2 years ago

    What about the Lenovo laptop haters? There are a few of them where I work. 😉

      • albundy
      • 2 years ago

      Considering the amount of replies on this post, there aren’t many Lenovo fans.

        • alloyD
        • 2 years ago

        Each Lenovo laptop has at least one fan. Probably two!

          • chubbyhorse
          • 2 years ago

          https://m.popkey.co/68972c/brR3j.gif BOO!

    • UberGerbil
    • 2 years ago

    Lenovo just keeps (https://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/) on doing (https://www.makeuseof.com/tag/lenovo-pc-owners-beware-computer-preinstalled-malware/) bad/incompetent things (https://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html). They can make good hardware, but the software side of the house seems like a nightmare. I always lean towards Hanlon's Razor rather than looking for the shadow of Bad Actors in the background, and certainly we've had plenty of other examples of repeated corporate incompetence; but, whatever the reason, at this point I can't imagine recommending Lenovo to anybody.

      • Ryu Connor
      • 2 years ago
      • srg86
      • 2 years ago

      I’ll keep recommending them (only ThinkPads though) due to the quality of the hardware.

      That said, I’ve noticed a lot of my go-to brands seem to be taking the brunt of the bad press of late.
