iPhone X Security Hacks: A $150 Mask… or a 10-Year-Old Son

By Simon Veazey
November 15, 2017 | Science & Tech
An image of the mask used by Bkav tech company, which they claim unlocks the iPhone X. (Bkav)

A tech company claims to have bypassed Apple’s latest 3D face recognition security with a $150 hack.

The 3D face recognition is pitched as the latest advancement in phone security, using 3D infra-red scans in addition to powerful AI software.

Meanwhile, a woman has posted a video of a much lower-tech breach of her $1000 iPhone X’s security system—her 10-year-old son’s face.

Her video joins a number of claims that family members can unlock adults’ phones.

The new iPhone X is displayed during an Apple special event at the Steve Jobs Theatre on the Apple Park campus on Sept. 12, 2017 in Cupertino, Calif. (Justin Sullivan/Getty Images)

Apple’s 3D recognition system is available only on the iPhone X, launched on Nov. 3.

After the launch, rival tech companies were soon probing the system—which simply requires the user to lift the phone in front of their face—for weaknesses.

One week later, a Vietnamese company claimed to have found a way to hack the iPhone, using a mask which they say can be constructed using commercially available 3D printers and equipment.

Tech and security firm Bkav, which also manufactures phones, posted a blog and video last Friday which showed a hack using a mask which they said costs just $150 to make.

Although the mask is cheap, it isn’t easy to make, requiring highly specialised knowledge. Bkav says that the hack should only concern world leaders and billionaires.

The mask consists of composite 3D-printed plastic, silicone, makeup, and simple paper cutouts—in combination, these fooled an iPhone X into unlocking.

So far, Apple has not responded to the claim, directing media outlets to pre-existing documents about its security system.

Apple has designed the system all along to distinguish between high-quality sophisticated masks and real human faces. However, Bkav claimed they had been able to take advantage of the way that the AI software interpreted information and identified faces.

Something about the way the software works also seems to prevent it from seeing the distinctions between faces of relatives that human beings can pick out, according to a number of videos.

Apple had warned before the launch that the system was not secure for those under the age of thirteen because the software struggled to tell younger siblings and family members apart, according to the Guardian.

However, videos have emerged showing that younger family members can access the iPhones of their older relatives.

One mother demonstrates in a video how her 10-year-old son can unlock her phone using only his face.

Meanwhile, footage posted online reveals how one teenager’s younger brother can unlock his iPhone X.

Bkav’s claims that the iPhone X had been hacked were met with scepticism, as other attempts to hack the phone using more sophisticated and detailed masks have failed.

In response, Bkav posted another video of the hack on Nov. 15 and provided further details.


The Achilles’ heel of the Apple 3D security system is the way the AI software was trained to distinguish real faces from masks made by Hollywood artists, said Ngo Tuan Anh, Bkav’s Vice President of Cyber Security.

“Apple’s AI can only distinguish either a 100 percent real face or a 100 percent fake one. So if you create a ‘half-real half-fake’ face, it can fool Apple’s AI,” he said in a statement.

Bkav admits that whilst the mask appears simple, it takes great expertise to craft it in such a way as to fool Apple’s software. They say the shortcomings in Apple’s system are not a concern for most people.

Potential targets of such hacks are not “regular users, but billionaires, leaders of major corporations, national leaders,” according to Bkav researchers. They added that national security agencies such as the FBI need to be aware of the potential security issue.

In 2009 Bkav demonstrated how to bypass face-recognition security in Lenovo and Toshiba laptops.