The title might be dismissed as just another pro-West (read: the U.S.) and anti-Chinese take in their never-ending tug of war to be the world superpower. However, Lenovo, a leading computer brand made in China, does very little to assure users that it has no close ties with Shanghai and that it is not conducting corporate espionage on behalf of China.
It is Lenovo computers that were donated by China to the Caribbean countries and led to shocking news that they were being used to spy on government officials and companies of interest in the region. More on this in our earlier articles here and here.
Not forgetting the allegations back in 2016 that Lenovo PCs came with vulnerable drivers and desktop applications, which let anyone with access to your local network execute arbitrary code.
Now, the company is again being accused of exposing users’ private information through the Lenovo Fingerprint Manager Pro software. The app is said to come with a hardcoded password and weak encryption, and its data can be accessed by a user using a different account on the computer. They don’t even need to have admin privileges to access the information. The app essentially exposes a user’s login credentials and fingerprint data.
Lenovo running Windows 10 not affected
The vulnerability in the Lenovo Fingerprint Manager Pro software only affects PCs running Windows 7, 8, and 8.1. Windows 10 PCs seem to be immune thanks to the fact that Microsoft took over that functionality (complete with releasing the appropriate drivers) under its Windows Hello authentication system.
On Lenovo PCs running Windows 10, the Lenovo Fingerprint Manager Pro software is not necessary. Earlier versions of Windows are vulnerable and can be exploited locally by a user using a different account on the same shared computer. The software comes preinstalled on Lenovo 50 ThinkPad, ThinkStation, and ThinkCentre. Lenovo has since come out and issued a patch, as evidenced here.