Fourth-grade students in China discovered that Hive Box's facial-recognition smart locker system could be easily hacked using printed photographs, exposing millions of packages to potential theft.
Hive Box, a Chinese smart locker company claiming to operate the world's largest network of express delivery lockers, had a critical security vulnerability in its facial-recognition system. Fourth-grade students from Jiaxing in Zhejiang province discovered that the facial-recognition locks could be opened using only printed photographs of intended recipients' faces. The discovery was reported on a local TV program called Haoqi Shiyanshi (Curious Labs), where the host replicated the exploit with nearly perfect success. The flaw left packages stored in the lockers open to theft by anyone with a photo of the recipient. Hive Box operates across China in over 100 cities, with 200 million people retrieving 2.5 billion packages from its smart lockers in the previous year, accounting for approximately 5% of China's total parcel deliveries. After the TV broadcast aired on Tuesday, Hive Box issued a statement the next day explaining that the facial-recognition feature was still in beta testing, and it suspended the feature after the security flaw was revealed. The incident highlights broader concerns about facial-recognition implementation in China, where a January study by the State Administration for Market Regulation found that 15% of leading smart locks using facial-recognition technology could be opened using photographs.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
Vulnerabilities that can be exploited in AI systems, software development toolchains, and hardware, resulting in unauthorized access, data and privacy breaches, or system manipulation causing unsafe outputs or behavior.
AI system: Due to a decision or action made by an AI system
Unintentional: Due to an unexpected outcome from pursuing a goal
Post-deployment: Occurring after the AI model has been trained and deployed