Lenovo proves once again they can't be trusted to keep your PC secure


Lenovo’s target market is enterprise customers, which makes their repeated security issues rather perplexing.

In 2015 they released PCs with Superfish adware, which made them vulnerable to being remotely exploited. In 2016 they released PCs with a vulnerable driver. Also in 2016, their Lenovo Solution Centre (LSC) included a vulnerability which could allow anyone with access to your local network to execute arbitrary code.

The company has once again let the side down by exposing Lenovo PC owners to having their private information stolen.

On this occasion it was discovered that Lenovo’s Fingerprint Manager Pro software comes with a hardcoded password and weak encryption, can be accessed from accounts without admin privileges, and exposes a user’s login credentials and fingerprint data.

The software came installed on around 50 ThinkPad, ThinkCentre or ThinkStation models, but the good news is that only Windows 7, 8 and 8.1 devices are affected, as Microsoft took direct charge of biometric security with Windows Hello in Windows 10, making the software unnecessary.

The software also cannot be exploited remotely, though presumably a local exploit, e.g. on a shared PC, would reveal all your data.

Lenovo has released a patch which can be found here.

Via Engadget.com
