A wide range of Lenovo laptop models has been fixed on a high severity vulnerability that allowed hackers with physical access to log in and then obtain users’ sensitive data and Windows login credentials.
Lenovo confirmed the vulnerability in its Fingerprint Manager Pro software that comes bundled in most of its Think models. ThinkPad, ThinkCentre, and ThinkStation Lenovo models are the models which are typically made with the vulnerability residing in the Lenovo Fingerprint Manager Pro.
Users’ Windows login credentials and fingerprint data are the sensitive data stored by Lenovo Fingerprint Manager Pro, and it is said to be encrypted using a weak algorithm, containing a hard-coded password. As we all know weak encryption algorithm makes it easy and possible for someone with local non-administrative access to read Windows Login credentials and fingerprint data for malicious reasons. However, even if you logged in on the PC, you won’t be able to access someone’s casino personal details. Sites such as www.houseofjack.com use the latest Secure Sockets Layer (SSL) encryption technology to ensure your information is safe online.
This is quite a tragedy to think of how many people use these models and how many could have, or are in the process of being hacked. With this being the case the company is urging people to upgrade to version 8.01.87 because this version has a better encryption algorithm. This vulnerability only targets people with machines running Windows 7, and Windows 8.1, so for a Windows 10 user ‘you are on a safe side’.
To perform the hack, hackers exploit the security hole by having physical access to an affected machine, so to stay safe the Lenovo users should make sure there is no Shifty Steve anywhere close to their computers. Although physical access is required to exploit the vulnerability it is always safe to be sure that you are free from hacks especially if you are taking part in activities like real money online gambling. Windows login credentials are designed specifically to safeguard the user against scenarios where a user loses control of their hardware.