Lenovo Issues Software Update For Serious ThinkPad Fingerprint Reader Security Exploit

If you have an older ThinkPad, ThinkCentre or ThinkStation PC with an integrated fingerprint reader, you might want to download Lenovo's latest software update. The company has acknowledged that a flaw in its Fingerprint Manager Pro software could allow a malicious actor with physical access to your device to log in with a hard-coded password, bypassing the fingerprint reader.

Lenovo says that the flaw affects Lenovo machines running Windows 7, Windows 8 and Windows 8.1. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo writes in a new support document.

It should be noted that Lenovo PCs running Windows 10 are not affected by this exploit, as they rely on that operating system's own built-in fingerprint authentication system. The following Lenovo systems are affected by the Fingerprint Manager Pro security exploit:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Users of these devices are encouraged to download Fingerprint Manager Pro version 8.01.87 immediately.