BGR writes today of a worrying new security flaw, discovered by a blogger, that appears to enable thieves to use Apple Pay on a stolen Apple Watch without having to enter the original owner’s PIN code.
The apparent vulnerability seems to result from the way the Apple Watch uses sensors to detect when the owner is wearing it. While the Watch is being worn, there is no need to input the security code, and the user can make payments with Apple Pay without having to input a PIN.
When a Watch is removed from the wrist, the sensors detect this and PIN security is enabled. This is where the possible security flaw occurs: there is a delay of around a second after the Watch is taken off the wrist before PIN security is re-enabled. Also, the sensors can’t tell the difference between a wrist and a finger, so a thief could, in theory, snatch a Watch from someone’s wrist, then cover the sensors so that PIN security remains disabled.
As the video shows, it doesn’t work every time, but even so, it’s still a flaw that Apple will need to deal with quickly.