Lenovo’s fingerprint scanner software is broken, update it today

Lenovo ThinkPad X1 Yoga 3rd-Gen
Matt Smith/Digital Trends
There is a lot of bad news lately when it comes to the security of our PCs and other devices. All kinds of nefarious parties want to break into our machines and access our most vital personal and professional information. That is what makes recent advances in biometric security, such as fingerprint scanners and facial recognition, so welcome. It’s also what makes it so disturbing when there is a flaw in those systems, as was recently the case with Lenovo’s Fingerprint Manager Pro software.

Fingerprint Manager Pro is a Windows 7, 8, and 8.1 utility that enables the fingerprint scanner on certain Lenovo systems to match a user’s fingerprint and use it to log into the machine as well as to authenticate to websites without needing to type in a password. As Lenovo indicates in a recent support bulletin, versions of the utility older than 8.01.87 are vulnerable to attack thanks to a weak algorithm and a hard-coded password — leaving sensitive data accessible to any user with local non-administrative access to a machine.

It is important to note that Windows 10 machines are unaffected, thanks to Microsoft’s built-in fingerprint reader support. If you’re using Windows 10 Hello on a Lenovo system, therefore, you have nothing to worry about.

This isn’t the first time that Lenovo’s fingerprint software has suffered from a lapse in security. In early 2016, the Lenovo Fingerprint Manager and Touch Fingerprint Software utilities were vulnerable to a local privilege escalation that allows users to gain administrator rights when running applications.

Here is a list of the affected systems:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Go update the Lenovo Fingerprint Manager Pro utility today. You can download it here, and then install it as soon as you can to make sure your sensitive data remains protected. While you’re at it, you can check out all of Lenovo’s security advisories here to make sure you’re not exposed.

Editors' Recommendations