Biometric locking is one of the best and safest ways to secure a personal device. The most used biometric method is the fingerprint. Every single human owns a distinct and unique fingerprint. Moreover, fingerprint sensors are easier to manufacture and integrate into devices. Lenovo has also integrated fingerprint method into their laptops to ensure maximum security. However, there is a bug present in the system that needs to be fixed beforehand.
The fingerprint flaw
According to Lenovo, the Lenovo Fingerprint Manager Pro software on a number of laptop series – ThinkPad, ThinkCentre, and ThinkStation systems contain a critical local privilege escalation vulnerability (CVE-2017-3762).
The Lenovo Fingerprint Manager Pro is a sensitive software that holds the user’s biometric data and Windows login credentials. Unfortunately, the software used a weak encryption method with a weak algorithm. There’s also a hard-coded password present that all users can access. An attacker who can physically access the system can view fingerprint data and login credentials and use them for a future attack. This bug also allows bypassing fingerprint verification to steal sensitive data like Windows login information.
Fortunately, the vulnerability isn’t exploitable via the internet. Only others with physical access could potentially exploit the system. This vulnerability in the software affects the following Lenovo laptops. Only Windows 7, 8 & 8.1 are affected by this bug.
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkStation E32, P300, P500, P700, P900
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
How to stay secured
This bug is reported and resolved by Lenovo. Patch for this flaw is already available. You need to update your Lenovo Fingerprint Manager Pro to v8.01.87 or higher. Download Lenovo Fingerprint Manager Pro.
Windows 10 users don’t have to worry about this bug. It’s because Windows 10 has its own fingerprint manager – Windows Hello, Microsoft’s home-baked software for fingerprint recognition.
Windows Update is also essential to keep your system secured and tight. Recently, Microsoft disabled the security patch for Spectre variant 2 on Windows systems. The patch could potentially cause more damage than the Spectre. Moreover, there has been no report of using Spectre variant 2 to exploit other systems. The patch caused more unexpected reboots and other issues. Check out more info.