iPhone X Security Hacks: A $150 Mask… or a 10-Year-Old Son

By Simon Veazey

A tech company claims to have bypassed Apple’s latest 3D face recognition security with a $150 hack.

The 3D face recognition is pitched as the latest advancement in phone security, using 3D infra-red scans in addition to powerful AI software.

Meanwhile, a woman has posted a video of a much-lower tech breach of her $1000 iPhone X’s security system—her 10-year-old son’s face.

Her video joins a number of claims that family members can unlock adults’ phones.

The new iPhone X is displayed during an Apple special event at the Steve Jobs Theatre on the Apple Park campus on Sept. 12, 2017 in Cupertino, Calif. (Justin Sullivan/Getty Images)

Apple’s 3D recognition system is available only on the iPhone X, launched on Nov. 3.

After the launch, rival tech companies were soon probing the system—which simply requires the user to lift the phone in front of their face—for weaknesses.

One week later, a Vietnamese company claimed to have found a way to hack the iPhone, using a mask which they say can be constructed using commercially available 3D printers and equipment.

Tech and security firm Bkav, which also manufactures phones, posted a blog and video last Friday which showed a hack using a mask which they said costs just $150 to make.

Although the mask is cheap, it isn’t easy to make, requiring highly specialised knowledge. Bkav says that the hack should only concern world leaders and billionaires.

The mask consists of composite 3-D-printed plastic, silicone, makeup, and simple paper cutouts—in combination the fooled an iPhone X into unlocking.

So far, Apple has not responded to the claim, directing media outlets to pre-existing documents about its security system.

Apple has designed the system all along to distinguish between high-quality sophisticated masks and real human faces. However, Bkav claimed they had been able to take advantage of the way that the AI software interpreted information and identified faces.

Something about the way the software works also seems to prevent it from seeing the distinctions between faces of relatives that human beings can pick out, according to a number of videos.

Apple had warned before the launch that the system was not secure for those under the age of thirteen because the software struggled to tell younger siblings and family members apart, according to the Guardian

However, videos have emerged showing that younger family members can access the iPhones of their older relatives.

One mother demonstrates in a video how her 10-year-old son can unlock her phone using only his face.

Meanwhile, footage posted online reveals how one teenager’s younger brother can unlock his iPhone X.

Bkav claims that the iPhone X had been hacked were met with scepticism, as other attempts to hack the phone using more sophisticated and detailed masks have failed. 

In response, Bkav posted another video of the hack on Nov 15. and provided further details.


The Achilles’ heel of the Apple 3D security system is the way the AI software was trained to distinguish real faces from the masks made from Hollywood artists, said Ngo Tuan Anh, Bkav’s Vice President of Cyber Security.

“Apple’s AI can only distinguish either a 100 percent real face or a 100 percent fake one. So if you create a ‘half-real half-fake’ face, it can fool Apple’s AI,” he said in a statement.

Bkav admits that whilst the mask appears simple, it takes great expertise to craft it in such a way to fool Apple’s software. They say the shortcomings in Apple’s system are not a concern for most people.

Potential targets of such hacks are not “regular users, but billionaires, leaders of major corporations, national leaders,” according to Bkav researchers. They added that national security agencies such as the FBI need to be aware of the potential security issue.

In 2009 Bkav demonstrated how to bypass face-recognition security in Lenovo and Toshiba laptops.

 
 
 
 
 

Trump: McCain Returning Home to Arizona, Will Likely Miss Tax Vote

Trump: McCain Returning Home to Arizona, Will Likely Miss Tax Vote
WASHINGTON — Republican Sen. John McCain is returning home to Arizona after being hospitalized for the side effects ...
READ MORE >
 

Lead Singer of K-Pop Boy Band Shinee Is Found Dead

Lead Singer of K-Pop Boy Band Shinee Is Found Dead
The lead singer of South Korea's top boy band SHINee died on Monday aged 27, after being taken ...
READ MORE >
 

Putin Thanks Trump for CIA Tip-Off to Russia to Prevent Church Terrorist Attack

Putin Thanks Trump for CIA Tip-Off to Russia to Prevent Church Terrorist Attack
Russian President Vladimir Putin called President Donald Trump on Sunday to thank him for information that allowed Russia ...
READ MORE >
 

US Soldier Ambushed in Niger wasn’t Captured

US Soldier Ambushed in Niger wasn’t Captured
WASHINGTON—An American soldier killed in an ambush in Niger with three comrades but recovered days later wasn't captured ...
READ MORE >
 

Rescuing turtles from ghost net

Rescuing turtles from ghost net
Sea turtles have become entangled in ghost nets floating in the ocean. These creatures are particularly vulnerable to becoming ...
READ MORE >