Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lenovo's Fingerprint Scanner Can Be Bypassed via a Hardcoded Password (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Lenovo has issued an update to address a vulnerability in its fingerprint scanner app that it ships with ThinkPad, ThinkCentre, and ThinkStation models running Windows 8.1 or older version of Windows. From a report: Fingerprint Manager Pro is an application developed by Lenovo that allows users to log into Windows machines and online websites by scanning one of their fingerprints using the fingerprint scanner embedded in selected Lenovo products. "A vulnerability has been identified in Lenovo Fingerprint Manager Pro," said Lenovo in a security advisory published last week. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," the company said.

6 of 67 comments (clear)

  1. I'm surprised most companies permit this by froggyjojodaddy · · Score: 4, Informative

    A few years ago, Mythbusters had an episode where they showed how easy it was to fool fingerprint scanners into granting access.

    The place where I work prohibits this via IT Policy and disables the fingerprint scanner on all laptops

    1. Re:I'm surprised most companies permit this by 110010001000 · · Score: 2

      The two largest commercially available closed source operating systems have major security flaws that ship with the OS. Why would you care about a fingerprint scanner?

    2. Re:I'm surprised most companies permit this by omnichad · · Score: 3, Funny

      On a laptop, there are plenty of places right on the laptop itself you could lift a print from.

    3. Re:I'm surprised most companies permit this by 110010001000 · · Score: 2

      What knowledge? There are one line exploits ready to made already out there. How would a firewall help?

    4. Re:I'm surprised most companies permit this by rogoshen1 · · Score: 2

      it might be too soon to try your finger.. maybe put on some smooth jazz and give it a glass of wine?

  2. Re: This is why I install Linux on every new PC by Aighearach · · Score: 2

    I've been using linux since the 90s, and I always tell people, don't use linux unless you know what you're doing, or don't know what an OS is.

    Please don't use linux. There is nothing warm and fuzzy about it. The simple fact is that if you're not either a computer professional/enthusiast, or a very casual computer user, then you have no reason to use it. It will only be harder to use, and won't run most of your software.

    If you're casual enough that you would never try to install software without help, you just want to use some basic office and internet functionality, then great, you can make good use of linux by having somebody set it up for you. As long as you don't want to change anything, it will Just Work for a long long time.

    But if you're not an expert, and you want to be able to run random software on your computer, perhaps that you purchased in a box at a store, then please don't bother. Just use a consumer OS. Filling linux forums with your stupid questions is just going to frustrate you because you shouldn't even be asking for help. You don't even have a reason to be using it.

    Never use software tools unless you have a use case for them. Read a book or something. Go for a walk.