Apple Watch Vulnerable to Theft With No Activation Lock

MacRumors · May 13, 2015

Our iPhones and iPads are protected by Activation Lock, a security feature that prevents thieves from wiping and using a stolen Apple device with a new account, but the recently released Apple Watch has no similar security feature.

As pointed out by iDownloadBlog in a detailed post on the security of the Apple Watch, there is nothing that stops a lost or stolen Apple Watch from being wiped and paired with a new iPhone. The Apple Watch has a passcode option that requires a sequence of numbers to be entered every time it's removed from a wrist, but the passcode protects only data.

The passcode is also easily bypassed with a reset. Pressing down on the side button of the Apple Watch brings up the power down options and a force press on this screen brings up an option to Erase All content and Settings. Erasing the Apple Watch in this manner erases the passcode and allows the Apple Watch to be paired with a new device, with no hint of the original owner's information available.

Because there's no Activation Lock and because the Apple Watch is reliant on the iPhone, there's also no Find My iPhone option to locate a lost or stolen Apple Watch. Due to this lack of security, it's possible the Apple Watch will become a major target for thieves.

It's an expensive device (especially the higher-end Edition versions), it's compact, it's highly desirable, it has a high resale value like all of Apple's products, and it's easily visible on a wrist rather than hidden away in a bag or pocket like an iPhone. In short, it's an easy target for muggers.

iPhone theft in major cities like San Francisco and New York became such an issue that government officials called for Apple and other cell phone manufacturers to implement a "kill switch" that would disable stolen devices, leading to the eventual release of Activation Lock alongside iOS 7.

Activation Lock had a positive impact on smartphone thievery, dropping iPhone theft by 25 percent in New York, 40 percent in San Francisco, and 50 percent in London as of early 2015. If Apple Watch theft causes crime rates to spike like iPhone theft, it's possible lawmakers will once again step in to call upon Apple to improve the security of the wrist worn device.

As iDownloadBlog notes, Apple could potentially introduce stricter security measures in a future version of Watch OS. A simple solution would check the last known Apple ID of a paired device, refusing a new connection without a password or other authentication. Given the number of sensors in the Apple Watch, it's also not unimaginable that a future biometric solution could also be implemented for additional security.

Article Link: Apple Watch Vulnerable to Theft With No Activation Lock

bbeagle · May 13, 2015

Why is only Apple Watch singled out?

EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.

Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

keysofanxiety · May 13, 2015

MacRumors said:
The passcode is also easily bypassed with a reset. Pressing down on the side button of the Apple Watch brings up the power down options and a force press on this screen brings up an option to Erase All content and Settings. Erasing the Apple Watch in this manner erases the passcode and allows the Apple Watch to be paired with a new device, with no hint of the original owner's information available.

Well if thieves didn't know what to do before, they do now.

At least this article should bring it to Apple's attention. I foresee an update shortly.

sniffies · May 13, 2015

Not an issue since there are only 5 watches in the wild.

goobot · May 13, 2015

bbeagle said:
Why is only Apple Watch singled out?

EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.

Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

Because this is an apple form.

furam90 · May 13, 2015

I also made a thread on the forums before regarding the optical sensor protection flaw.

It is easily bypassable, if someone just puts their finger underneath the sensor when taking off the device they are not prompted for a PIN. So you could easily take someone elses information as well.

https://forums.macrumors.com/threads/1881221/

Of course, my post was dismissed and people said it wasn't an issue.

max-man · May 13, 2015

Seriously? This makes it as news? Who cares? The data is protected, that is far more important.

You buy a Rolex and it gets stolen... guess what? the thief can still wear it and check the time.

jthesssin · May 13, 2015

Agree with all of you

Why is this an issue? The other smartwatches on the market don't even have basic passcode security, let alone findmy****.
This will get blown all out of proportion as all other ****gates related to Apple.
The good news is, its only a problem, cause people actually WANT to steal a smart-watch now

GO APPLE!!!

turtl3rs · May 13, 2015

Great, right when I was thinking that if a thief stole my watch, he/she wouldn't be able to unlock or erase it, thereby making it useless.

jsalda · May 13, 2015

bbeagle said:
Why is only Apple Watch singled out?

EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.

Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

I agree. The only thing I can add is that the Apple Watch is a high profile piece. Most thieves will be able to instantly recognize it, whereas they would not be able to tell the difference between a Patek Phillipe and a Timex.

deadandalive · May 13, 2015

Thanks for the step by step instructions letting people know why it is a great idea to steal my Watch

ArtOfWarfare · May 13, 2015

It's a non-issue because it's securely strapped to your wrist. Phones are an easy target because it's easy to pick pocket, or to grab out of a purse, or to just grab it right out of someone's hands as they're using it.

Stealing a watch requires you to be willing to do more than just basic robbery and actually assault or threaten someone. Obviously people willing to commit such crimes exist, but I think they are a minority among those willing to steal.

Jack Delgado · May 13, 2015

max-man said:
Seriously? This makes it as news? Who cares? The data is protected, that is far more important.

You buy a Rolex and it gets stolen... guess what? the thief can still wear it and check the time.

If we applied the rationale that the Apple watch shouldn't leverage any technology over what we've had in the past (read: Rolex); then there literally is no reason to have an Apple watch. We shouldn't give Apple a pass for doing the same things the stuff they're trying to replace would also do.

diddl14 · May 13, 2015

Guess an option is to buy a cover that hides its true identify..

jthesssin · May 13, 2015

Except for one thing

goobot said:
Because this is an apple form.

This was reposted BY Macrumors.com. this story did not originate with them. OTHERS are bringing the lack of activation lock to the general publics attention

max-man · May 13, 2015

furam90 said:
I also made a thread on the forums before regarding the optical sensor protection flaw.

It is easily bypassable, if someone just puts their finger underneath the sensor when taking off the device they are not prompted for a PIN. So you could easily take someone elses information as well.

https://forums.macrumors.com/threads/1881221/

Of course, my post was dismissed and people said it wasn't an issue.

This actually is a big issue. I just did it to my coworker just now. you are right, I did the slight of hand removal of his watch and I was able to keep it from locking.

But he did know I was taking it off, I am not that good.

BCWorld · May 13, 2015

Said this in the beginning. The theft will be high with no way to track the watch. Once apple adds Lte I'm in, until then I'm out.

I'm done here and
I'm out.

Cheers.

ka-spot · May 13, 2015

no worries !

i'll keep mine in a bank tresor

Switchback666 · May 13, 2015

Same as everything on a wrist, when its gone its gone unless your lucky.

I don't think this is a problem but if apple wants to apply something like activation lock its cool

RDeckard · May 13, 2015

PBF said:
Not an issue since there are only 5 watches in the wild.

There are 3 people in my office that have one (including me) -- so we make up 60% of the Apple Watches in the wild?

Wow!!!

ukcolinr · May 13, 2015

My first watch that was due for delivery on launch day 'went missing' from UPS and I was told all UPS had was an empty box (luckily Apple got me out a replacement within a week). I specifically asked Apple whilst on the phone if they would block this Apple Watch so it could not be activated and was told no by the representative I spoke to. I actually assumed I'd been given incorrect information as it seemed crazy, but maybe not having read this article. I can appreciate what those are saying above that any other watch that would be it, but if it can be done now with a Smart Watch then why not do it as a deterrent to thieves?

TheRainKing · May 13, 2015

Strange… It's just software so why wouldn't Apple Watch have the same sort of security features the iOS devices have?

RenoG · May 13, 2015

Maybe it's me but I'd rather hit a distracted business man over his head for his 10k Rolex than some hipster for his apple watch. If I were a heartless low life scum of the earth thief that is.

Lictor · May 13, 2015

bbeagle said:
Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

Because thieves won't steal Rolex and even less Moto 360. They know the stolen Apple Watch, especially when it's still in short supply, will sell fast and well. The Rolex for instance, is too expensive to sell quickly and if you don't have proof of purchase they will be considered knock off.

andrewmaj · May 13, 2015

In other news the sky is blue and grass is green.

Apple Watch Vulnerable to Theft With No Activation Lock

macrumors bot

macrumors 68040

macrumors G3

macrumors 603

macrumors 603

macrumors 6502

macrumors newbie

macrumors regular

macrumors newbie

macrumors 6502

macrumors member

macrumors G3

macrumors regular

macrumors 65816

macrumors regular

macrumors newbie

macrumors 6502

Suspended

macrumors 68000

macrumors regular

macrumors regular

macrumors 6502a

macrumors 65816

macrumors 6502

macrumors regular

Our Staff