I have always been a huge ThinkPad fan. I don't recall when I got my first ThinkPad, but it must be close to twenty years now. I was a little skeptical when IBM sold the ThinkPad line to Lenovo, but I haven't been too disappointed with my recent purchases. I configure the fingerprint software on the ThinkPad to add biometric access. Apparently, there is a HUGE security problem with the Lenovo Fingerprint Manager Pro software on some laptop models. It is possible for someone with local non-administrative access to read Windows logon credentials and fingerprint data. The data is encrypted using a weak algorithm and access includes a hard-coded password. Yet again, another reason why backdoors are a bad thing. It's comforting to know that the bad guys must have physical access to your computer.
The laptops with a problem include:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
The good news is that Lenovo has a patch to fix the problem. The bonus is that my ThinkPad is not one of the impacted models.
E-mail: email@example.com Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology