What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Possible Apple Watch/Apple Pay Security Flaw Discovered

Maura

iPadForums News Team
Joined
Jun 7, 2010
Messages
3,894
Reaction score
261
Location
UK
Apple Watch security flaw.JPG

BGR writes today of a worrying new security flaw that has been discovered by a blogger that appears to enable thieves to use Apple Pay on a stolen Apple Watch without having to enter the original owner’s PIN code.

The apparent vulnerability appears to be the result of the way in which the Apple Watch uses sensors to detect when the owner is wearing it, and thus eliminates the need to input the security code when the Watch is being worn, and also lets the user make payments with Apple Pay without having to input a PIN.


When a Watch is removed from the wrist the sensors detect this and PIN security is enabled, and this is where the possible security flaw occurs, as there is a delay of around a second when the Watch is taken off the wrist before PIN security is re-enabled. Also, the sensors can’t tell the difference between a wrist and a finger, so a thief could, in theory, snatch a Watch from someone’s wrist, then cover the sensors so that PIN security remains disabled.

As the video shows, it doesn’t work every time, but even so, it’s still a flaw that Apple will need to deal with quickly.

Source: http://bgr.com/2015/05/20/apple-watch-security-flaw-apple-pay/
 

scifan57

Administrator
Staff member
Joined
Dec 3, 2011
Messages
34,947
Reaction score
23,010
Location
Regina,Canada
It's not very practical for the thief, though. First he'd have to immobilize the victim for a minimum of several seconds while he tried to unfasten the watch band, all without breaking skin contact with the sensors. Then he'd have to slip his finger under the watch to maintain skin contact, remove the watch from the victims arm and strap it on his own wrist. This would all take much longer than the average snatch and grab purse theft, for example. The odds would be against the thief getting away without getting caught.
 

John903

iPF Noob
Joined
May 3, 2015
Messages
23
Reaction score
2
I heard that if you're quick enough and steal the watch and slap it on your butt Cheeks, it works much better and more reliable.
 

scifan57

Administrator
Staff member
Joined
Dec 3, 2011
Messages
34,947
Reaction score
23,010
Location
Regina,Canada
I experimented with my Apple Watch and discovered that the watch was passcode locked in less than a second after removing it from my wrist.
 

Most reactions

Latest posts

Top