Security flaw makes Apple Watches vulnerable to nimble thieves

You can exploit the Apple Watch's sensor to keep it from locking

A blogger has discovered what could potentially be a rather serious security flaw with the Apple Watch, with crafty thieves able to trick the wearable into believing it is still being worn by its owner.

The flaw exploits a feature of the Apple Watch that uses sensors to detect when it is being worn on a wrist. When you put on the Apple Watch you enter your security PIN; then, as long as the Apple Watch knows it is still in contact with the wrist, you don't have to enter the PIN again.

This feature makes using the Apple Watch to pay for things via Apple Pay more convenient, but it's also open to exploits.

Bait and switch

When the sensor detects that the wrist is no longer in contact with the Apple Watch, the wearable locks itself, requiring you to enter a PIN the next time you wear it. If someone removes it from your wrist and puts it on themselves, they will need to enter that PIN.

However, it was discovered that there are two weaknesses in Apple's implementation. The first is that the sensor takes about a second to detect that it's not being touched by the wrist. While this means that it doesn't accidentally lock itself when the Apple Watch shifts while being worn, it does provide thieves with a window, no matter how slight.

The other weakness is that the sensor cannot differentiate between a wrist and a finger, so someone could steal the Apple Watch and then place a finger over the sensor to keep it from being locked.

The thief could then use your Apple Watch to pay for things without having to enter any PIN. The blogger at WonderHowTo posted a video on how this flaw could be exploited.

As you can see from the video, it is tricky to pull off and will be very difficult to perform without the wearer noticing, but it is possible.

We also tried the method here and can confirm that it does work (don't worry, we returned the Apple Watch to its owner afterwards).

Although you might be concerned that posting a video on how to do this will simply teach thieves the trick, it should hopefully bring the issue to the attention of Apple, which could eliminate the risk by reducing the time the sensor takes to notice it's not attached to the wrist, or by replacing it with a more sophisticated device in the next model.

Until then, be extra wary, and if your Apple Watch does get stolen, make sure you cancel any cards connected to the device to be on the safe side.

Via BGR

Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.
