If you work from a laptop computer, there's a pretty good chance it's a Lenovo. The company's ThinkPad and IdeaPad lines are popular with businesses. Lenovo revealed late last week that a huge portion of those machines have a potentially serious security flaw. If your Lenovo machine has a fingerprint sensor and is running Windows 7, 8, or 8.1, keep reading.
Lenovo is asking owners of certain ThinkPad, ThinkStation and ThinkCentre machines to patch their systems after finding that its Fingerprint Manager Pro software has a batch of serious security flaws. The most painful among these is a hard-coded password that could grant "all users with local non-administrative access" access to fingerprint reader data and Windows logon credentials.
If your system isn't Think-branded, you're safe. Otherwise, you'll need to pay attention to this disclosure and patch your system, though there's a caveat. If you're running a fully-updated Windows 10, your system isn't vulnerable. Microsoft built fingerprint reader support into Windows 10, so Lenovo's Fingerprint Manager Pro software shouldn't be running on your system. The full list of vulnerable systems follows:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
The PC maker credited Jackson Thuraisamy of Security Compass for identifying this critical flaw. It's a pretty nasty one, but it's an easy fix for most. The laptops and tablets the company had on display at CES, on the other hand, should be unaffected.