Possible Apple Watch/Apple Pay Security Flaw Discovered

Discussion in 'Apple iPad News' started by Maura, May 21, 2015.

By Maura on May 21, 2015 at 3:25 PM
  1. Maura

    Maura
    Expand Collapse
    iPadForums News Team

    Joined:
    Jun 7, 2010
    Messages:
    3,514
    Thanks Received:
    203
    Apple Watch security flaw.JPG

    BGR writes today of a worrying new security flaw that has been discovered by a blogger that appears to enable thieves to use Apple Pay on a stolen Apple Watch without having to enter the original owner’s PIN code.

    The apparent vulnerability appears to be the result of the way in which the Apple Watch uses sensors to detect when the owner is wearing it, and thus eliminates the need to input the security code when the Watch is being worn, and also lets the user make payments with Apple Pay without having to input a PIN.


    When a Watch is removed from the wrist the sensors detect this and PIN security is enabled, and this is where the possible security flaw occurs, as there is a delay of around a second when the Watch is taken off the wrist before PIN security is re-enabled. Also, the sensors can’t tell the difference between a wrist and a finger, so a thief could, in theory, snatch a Watch from someone’s wrist, then cover the sensors so that PIN security remains disabled.

    As the video shows, it doesn’t work every time, but even so, it’s still a flaw that Apple will need to deal with quickly.

    Source: http://bgr.com/2015/05/20/apple-watch-security-flaw-apple-pay/
     

Comments

Discussion in 'Apple iPad News' started by Maura, May 21, 2015.

    1. scifan57
      scifan57
      It's not very practical for the thief, though. First he'd have to immobilize the victim for a minimum of several seconds while he tried to unfasten the watch band, all without breaking skin contact with the sensors. Then he'd have to slip his finger under the watch to maintain skin contact, remove the watch from the victims arm and strap it on his own wrist. This would all take much longer than the average snatch and grab purse theft, for example. The odds would be against the thief getting away without getting caught.
    2. John903
      John903
      I heard that if you're quick enough and steal the watch and slap it on your butt Cheeks, it works much better and more reliable.
    3. scifan57
      scifan57
      I experimented with my Apple Watch and discovered that the watch was passcode locked in less than a second after removing it from my wrist.

Share This Page