BERLIN (AP) — The fingerprint-based security system used to unlock Apple's latest iPhone can be bypassed using a household printer and some wood glue, a German hacking group has claimed.
A spokesman for the Chaos Computer Club said the group managed to fool the biometric sensor in the iPhone 5S over the weekend by creating an artificial copy of a genuine fingerprint.
"It was surprisingly easy," Dirk Engling told The Associated Press in a telephone interview Monday, a day after the group announced the exploit on its website.
A member of the Chaos Computer Club going by the pseudonym Starbug took a high-resolution photograph of a fingerprint left on a glass surface, printed it onto a transparent sheet and smeared the pattern with liquid latex or wood glue. Once the glue set, it could be peeled off and placed on another finger to mimic the genuine print, said Engling.
"We used this method 10 years ago and didn't have to change much for the iPhone," he said. "The hardest bit was getting hold of one of those new iPhones because they are chronically sold out."
Engling said the Chaos Computer Club, which has a long history of finding security flaws in soft- and hardware, documented the procedure with several videos so independent experts could verify it.
David Emm, a senior security researcher at Kaspersky Labs, said the German group's claims exposed the flipside of biometric security systems designed to replace passwords or PIN numbers commonly used nowadays.
"If my passcode becomes compromised, I can simply replace it with a new one — hopefully one that's more secure. But I can't change my fingerprint — it's part of what I am and so I'm stuck with it," Emm said.
Engling suggested that Apple could have made its fingerprint system more secure, but that this might have caused problems for users if they didn't swipe their finger across the miniature scanner properly and thus got locked out of the device after repeated failed attempts.
"Apple had to strike a balance between security and user-friendliness," he said.
Apple didn't respond to repeated requests for comment.
Frank Jordans can be reached at http://www.twitter.com/wirereporter
Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
A federal civil rights lawsuit filed by a Los Alamos Police Detective against his former employers has been settled for $600,000.
A few tips on how to prevent thieves from taking your stuff over Winter Break, a look at the right to die trial, and other stories with Matt Mauro, Elizabeth Mauro and weather with Meteorologist Kristen Van Dyke.
NMFOG says government agency cannot bar someone from access to information just because it does not like what that person says about the agency.
Some Cleveland High School students say a traffic plan for getting them out of school forces them to take a dangerous and tricky left turn onto a 55 mph road, something parents and staff don't have to do.
An emotional mother is still waiting for answers about what happened to her missing daughter.
The federal jury weighing a life or death sentence for convicted killer John McCluskey has announced it couldn't reach a decision.