Loading...

February 03, 2018

Lenovo: A Hackable Fingerprint Manager With Its Laptops

Loading...
Increasingly, manufacturers choose to incorporate biometric sensors into their equipment, which can ensure additional levels of security and provide firm protection to users.

However, as they depend on software, these systems are exposed to problems and failures. This is precisely what happens now with several models of the ThinkPad line and its fingerprint reader.
The ThinkPad security issue

It was Lenovo itself that disclosed the serious flaw that exists in Fingerprint Manager Pro, its fingerprint management software, that could allow unauthorized access to sensitive user data such as Windows credentials and access data to Internet sites.

According to the mark, this application protects the data using a weak cypher algorithm and still has a master password, which can also be easily obtained. Any system user, even without administrator permissions, can gain access to this data.

The good news is that this flaw only affects Windows 7, Windows 8 and Windows 8.1. In the case of Windows 10, the failure does not exist because Lenovo chose to use the Windows engines. There is also an indication that this failure requires physical access to the equipment to be exploited.
Models affected by this failure

Lenovo has well-identified equipment that is vulnerable to the presence of the Fingerprint Manager Pro, and has shared the list where the affected models are indicated and here are the models mentioned below:-

    ThinkPad L560
    ThinkPad P40 Yoga, P50s
    ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
    ThinkPad W540, W541, W550s
    ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
    ThinkPad X240, X240s, X250, X260
    ThinkPad Yoga 14 (20FY), Yoga 460
    ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
    ThinkStation E32, P300, P500, P700, P900

The solution has already been released

To resolve the problem Lenovo changed the points of failure identified in Fingerprint Manager Pro and has already released a new version where the problem does not exist.

This is why everyone is advised to upgrade to the latest version available on this page. All you have to do is install the new version to eliminate the problem.

Despite being a major flaw, with major implications for user data security, Lenovo was quick to respond and presented the solution to mitigate the problem.

So, what do you think about this major security flaw? Simply share all your views and thoughts in the comment section below.
Share This
Previous Post
Next Post

This Post was publish by the above Author

0 comments: