The fingerprint-based security system used to unlock Apple's latest iPhone can be bypassed using a household printer and some wood glue, a German hacking group claims.
The alleged bypass of the device's security system means anyone who can take a high-resolution photograph of your fingerprint can easily trick your iPhone 5S's lock button. It also means the intruder can rack up charges through your iTunes account, since the new iPhone lets users make purchases with just a touch.
A spokesman for the Chaos Computer Club said the group managed to fool the phone's biometric sensor over the weekend by creating an copy of a fingerprint.
"It was surprisingly easy," Dirk Engling told The Associated Press in a telephone interview Monday, a day after the group announced the exploit on its website.
Here's how they say they did it: A member of the Chaos Computer Club who goes by the pseudonym Starbug took a high-resolution photograph of a fingerprint left on a glass surface, printed it on a transparent sheet and smeared the pattern with liquid latex or wood glue.
Once the glue set, it could be peeled off and placed on another finger to mimic the genuine print, said Engling.
"We used this method 10 years ago and didn't have to change much for the iPhone," he said. "The hardest bit was getting hold of one of those new iPhones, because they are chronically sold out."
Engling said the club, which has a long history of finding security flaws in software and hardware, documented the procedure with several videos so independent experts could verify it.
David Emm, a senior security researcher at Kaspersky Labs, said the German group's claims exposed the flip side of biometric security systems designed to replace passwords or PINs commonly used nowadays.
"If my passcode becomes compromised, I can simply replace it with a new one. Hopefully one that's more secure. But I can't change my fingerprint. It's part of what I am, and so I'm stuck with it," Emm said.
Engling suggested that Apple could have made its fingerprint system more secure but that this might have caused problems for users if they didn't swipe their finger across the miniature scanner properly and thus got locked out of the device after several failed attempts.
Apple didn't respond to repeated requests for comment.
Al Jazeera and The Associated Press