Apple Watch Vulnerable to Theft With No Activation Lock

[Binarymix]

It is possible to implement "lost" mode without WiFi and GPS as long as (1) user sets the passcode, (2) Apple Watch puts the phone in lost mode if repeated passcode entry fails, (3) when Apple Watch is in lost mode or erased/reset/new, it requires cloud-based (Apple server) activation.

The watch already makes you wait 1 minute if you type the PIN in wrong to many times. However, currently, you do as the article says, and hold the button, and force touch to bring up the wipe watch function. This negates the security feature of a PIN altogether.

(or does it ask for the PIN before wiping? I'm not brave enough to try)

Your way may work, but I think it would be more secure to tie the security to your Apple ID as the iPhone does.

*edit* And 5 minutes if you type it in too many times wrong afterwards.

I'm not brave enough to try a third time

 

[DynaFXD]

..[snip].. The Rolex for instance, is too expensive to sell quickly and if you don't have proof of purchase they will be considered knock off.

Most street crime isn't that sophisticated. Most criminals learn early on to not be holding any longer than needed. Smash and grab, get yourself over the local fence or dealer for your hit or 20 bucks, and on to the next. The second or third guy may be looking for more, but they aren't looking for the value like an owner selling a piece of property is. Other times there is already a "I need this, here's half, the other half when you drop it off" arrangement in place.

 

[DynaFXD]

Nope.

The watch gets its own registered card tokens, and can pay independently of the phone..[snip]..

Yep. And like any other credit card (that we willing give to strangers to run through a machine out of our site) fraudulent Apple Pay charges are covered by credit card insurance. Even if they managed to get the watch unlocked and run up a huge bill buying Big Macs, that's not a worried user's problem so long as you report it stolen as soon as you can.

 

[C DM]

Do you think that if Apple spent less time on Gimmicks like doodle & sending heartbeat & more time on basics like security it may have been a wiser choice?

I do.

That'a assuming that would have made that kind of a difference. And that's purely an assumption and nothing more. While those "gimmicks" are getting the product sold and increasing its adoption. We are back once again to reality vs. hope--it's nice to hope for things, but reality isn't affected by that.

----------

And yet they release an arguably overpriced phone with cheeky gimmick's & lacks basic security.

They copied wrong.

Considering no copying happened...they surely copied it wrong.

But given the obviously deliberate wording that is used in various posts of this sort the bias is right at the surface, which means any discussion isn't really going to go anywhere anyway. Oh well.

 

[dampfnudel]

Since we all saw and experienced how successful Activation Lock is at reducing iOS device theft, it really is a headscratcher why Apple didn't bother to incorporate a similar feature for the Apple Watch.

I'm sure Apple took that into consideration, but probably decided it wasn't necessary because most thieves are opportunists looking for a easy score, not involving assault/physical contact to remove the watch. It was a lot easier to grab an iPhone out of someone's hand. It might take a high-profile incident where someone in New York or somewhere else gets killed over their Apple Watch to put enough pressure on Apple to come up with a solution.

 

[Bromeo]

I'm sure Apple took that into consideration, but probably decided it wasn't necessary because most thieves are opportunists looking for a easy score, not involving assault/physical contact to remove the watch instead of easily grabbing an iPhone out of someone's hand. It might take a high-profile incident where someone in New York or somewhere else gets killed over their Apple Watch to put enough pressure on Apple to come up with a solution.

We're all assuming nothing happens if a watch is reported stolen to Apple. Maybe there already exists a process!

It would be easy for the Apple Watch iOS app to first validate a watch ESN against a master database at the mothership during the pairing process. Not only would this be smart for verifying authenticity, but also to refuse pairing to watches on a hot list.

The watch is a lot less valuable if it won't pair during setup. It should simply display the red ! error instructing the user to bring the watch in to the nearest Apple store.

I wouldn't be surprised if this is how it would work today if you reported your watch a stolen.

 

[alphaod]

So what about regular watches? Those don't have any technical way to prevent theft?

 

[C DM]

So what about regular watches? Those don't have any technical way to prevent theft?

Clearly they are doomed and their manufacturers should be ashamed of themselves for ever even daring to create them, let alone actually sell them to the public.

 

[ThisIsNotMe]

Because there's no Activation Lock and because the Apple Watch is reliant on the iPhone, there's also no Find My iPhone option to locate a lost or stolen Apple Watch. Due to this lack of security, it's possible the Apple Watch will become a major target for thieves.

Why would the watches reliance on iPhone be required for Find My iPhone. It has WiFi.

 

[jmh363905]

Why would the watches reliance on iPhone be required for Find My iPhone. It has WiFi.

There's not a way to connect the Watch to WiFi from the Watch. It just connects to the same network your iPhone is connected to (assuming it supports 2.4 Ghz). Aside from a round about location that WiFi provides, there is no GPS on the Watch. There's more to work around besides a WiFi connection and it not knowing or having the ability to enter the credentials for the network.

 

[macsrcool1234]

Why is only Apple Watch singled out?

EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.

Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

Uh, because it's an Apple blog?

 

[BeyondtheTech]

Maybe Apple put in a hidden anti-theft mechanism in the WATCH. If you activate a stolen one, instead of sending you a tap, it will electrocute you, or the green sensor lights will amplify into lasers and burn a hole through your wrist.

Now we all just have to look for that hidden UI in the Apple Watch app...

 

[ZCT]

I'm still not getting it.

I'm walking down the street and you Criss Angel my watch off.

It has a unique serial number engraved on the back and embedded in the chip.

The moment the criminal or his buyer wipe and try and pair the watch, Apple has a record of the Apple ID, primary credit card, and personal information of the person who has my watch. In fact as luck would have it, the phone they just paired it with even has GPS info of current location.

It would be child's play to send a legal request to Apple for any info about the stolen watch and before you know it a trigger happy cop is knocking on their door.

Even if they send it to another country, don't you think Apple would have a means of killing a device once the serial is reported stolen, especially since you have to connect it with a legitimate iTunes account?

----------

So what about regular watches? Those don't have any technical way to prevent theft?

I've owned four watches worth more than all but the Edition Apple Watches since 1996. I've travelled to multiple countries, and 38 American states. And no one has even stolen my watch.

It's not something I am going to spend any time worrying about.

Since the Apple Watch has a unique serial number on the case and in the hardware, it would be nice to know that Apple can issue a kill order on any serial reported stolen so that the moment the thief or buyer tries to pair it it no longer functions. That would be pretty simple to do and give people who like to worry about random things a little piece of mind.

 

[WilliamG]

Bottom line: I'm surprised there's no activation lock on an Apple Watch after it's been paired and then erased. It should quite simply prompt you for the email and password - or be useless to anyone.

 

[MyopicPaideia]

Who says everyone must have iPad/Mac? I bet the majority of the iPhone owners don't.

Nobody, but two-step verification can also be completed at Apple's website, don't need another Apple device, just makes it more convenient.

 

[Tech198]

oh Apple *slaps forehead*

You dummy

Didn't anyone think a $17,000 smart watch wouldn't be a gold mine ?

Well, it IS an accessory... what did you expect ?

 

[ThisIsNotMe]

There's not a way to connect the Watch to WiFi from the Watch. It just connects to the same network your iPhone is connected to (assuming it supports 2.4 Ghz). Aside from a round about location that WiFi provides, there is no GPS on the Watch. There's more to work around besides a WiFi connection and it not knowing or having the ability to enter the credentials for the network.

How is this limitation any different than a MacBook, iPod Touch, iMac, ect???

 

[newyorkguy]

you loose it, you do it wrong.

 

[Lictor]

Most street crime isn't that sophisticated. Most criminals learn early on to not be holding any longer than needed.

Exactly. And you have stores by the dozens that will unlock and buy "your" Apple product without asking questions. So, you will be able to resale your stolen iPhone or Watch within the hour and for a very decent price. You don't have that for Rolex.

 

[Popeye206]

Yawn.... so the Apple Watch is like 99.9% of all things... it can be stolen and used. Stupid.

 

[Lictor]

It would be child's play to send a legal request to Apple for any info about the stolen watch and before you know it a trigger happy cop is knocking on their door.

A trigger happy cop ? In Africa ? They're usually part of the networks to distribute stolen iPhone, cars or whatever.

"Even if they send it to another country, don't you think Apple would have a means of killing a device once the serial is reported stolen, especially since you have to connect it with a legitimate iTunes account?"

Obviously, they don't, since iPhones are stolen by thousants, shipped to Africa by thousands and this has been going for years...

"I've owned four watches worth more than all but the Edition Apple Watches since 1996. I've travelled to multiple countries, and 38 American states. And no one has even stolen my watch."

And I usually move around with more than $5k of photo equipments, including in Faux News "no go" zones. I have never been stolen from either. Does this mean that noone with photo equipments has ever been stolen from ?
Besides, the Apple Watch will be much much more popular among thieves than your watches. Just like the iPhone was much more popular than similarly priced smartphones.

"Since the Apple Watch has a unique serial number on the case and in the hardware, it would be nice to know that Apple can issue a kill order on any serial reported stolen"

If it's like the iPhone, it doesn't work - I mean, less iPhones are stolen, but they are still stolen in huge numbers. If they were useless once stolen, I would figure the thieves would have figured it out now. Unless the serial number is burnt in, it can be erased. The thieves go through shops who are very well equipped. For instance, the 4-digits code on the iPhone is now cracked in minutes in these shops.

 

[Attonine]

Exactly. And you have stores by the dozens that will unlock and buy "your" Apple product without asking questions. So, you will be able to resale your stolen iPhone or Watch within the hour and for a very decent price. You don't have that for Rolex.

it's not a world I move in, but let's say you happen across a Rolex, a good example because it's the most well know luxury watch brand, this Rolex has cost you nothing, so every $ you make off of it is profit. Do you know how many people would be chomping at the bit to get that watch from you for, say $1000? You could probably get more that that from the dodgy Pawn shop in the wrong part of town. It really is not difficult to move these items on, and especially not if this is the world you move in.

 

[bbbb4b]

beagle: Why is only Apple Watch singled out?
EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.
Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

Because this is an apple form.

Wow. His point ; ZOOM right over your head, huh?

It's not an "Apple" issue. (THAT was his point) Get it?

----------

Uh, because it's an Apple blog?

So why include something that isn't an "Apple issue"?
It's just a universal watch issue.

 

[Jsameds]

Why is only Apple Watch singled out?

EVERY smart watch and NON-smart watch - even those costing thousands of dollars more - operates in the same way. Lose the watch, or get it stolen, someone else can use it like it was theirs.

Every Rolex, Timex, Moto 360.... all work the same way. Why single out Apple Watch?

"MacRumors.com is a website that aggregates Mac and Apple related news, rumors, and reports. The site was launched February 24, 2000 in Richmond, Virginia, and is owned by Arnold Kim."

http://en.wikipedia.org/wiki/MacRumors

 

[uid15]

Hang on... so watches get stolen? Gosh.