Only Apple Watch came out on top for Security

Discussion in 'Apple Watch' started by Mac2me, Feb 4, 2016.

  1. Mac2me, Feb 4, 2016
    Last edited: Feb 4, 2016

    Mac2me macrumors 6502a

    Joined:
    Jun 10, 2015
    #1
    Heard about this on the news about fitness trackers like Fit Bit and Apple Watch and found a number of tech publications picking up on it: http://www.pcworld.com/article/3029...re-leaking-lots-of-your-data-study-finds.html

    Here's the story from the University of Toronto that illustrates why you might care: http://www.newswise.com/articles/fi...posed-by-u-of-t-s-citizen-lab-and-open-effect A link to the complete report of the research (pdf) is available there. Worth the read to comprehend the kind of data involved that could be leaked.

    Good to know and another reason I love my Apple Watch.
     
  2. BarracksSi macrumors 68040

    BarracksSi

    Joined:
    Jul 14, 2015
  3. vann macrumors newbie

    vann

    Joined:
    Jan 27, 2016
    Location:
    Nantes (France)
    #3
    Oh thank you for the links.
    It's frightening!

    I'm happy with my Apple Watch too.
     
  4. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #4
    What's the real issue? The ability to track you rather than hack into your activity data? Aren't we subject to that in many places (cell phone use, Google, etc.) other than the fitness trackers?
     
  5. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #5
    Reading the original report, it seems like much ado about nothing.

    I doubt many people are actually worried that someone is going to do a man-in-the-middle attack and forge entries in their exercise record. Oh, the horror!

    As for tracking a Bluetooth id, that's possible with most smartphones as well. Or heck, anyone can check who's coming into a store by simply looking, using good old Mark I eyeballs or cameras.

    The Apple Watch is noted as "not tested", apparently because they tested the others by installing their own lab HTTPS certificate on them, so they could bypass SSL security and read the payloads. Not exactly a real life situation outside of a controlled lab.
     
  6. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #6
    I can't say that I'm surprised, kudos to Apple.

    I wouldn't go that far, as I prefer not have a product that allows someone or companies to track my whereabouts, whether for marketing or other purposes.
     
  7. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #7
    It may be "nothing" now, but this may affect future prospects of these devices being accepted by insurance companies. For example, a few health insurance companies have started to give discounts to those wearing fitness bands/smartwatches. And if these data are hackable or not safe, then it may affect that. Apple Watch being secure means that it would benefit its users.
     
  8. maxsix Suspended

    maxsix

    Joined:
    Jun 28, 2015
    Location:
    Western Hemisphere
    #8
    You might not be as vulnerable with AW, BUT, the FBI, NSA, et al, have zeroed in on _everyone's_ smartphone no matter the brand. If you think iPhones are less susceptible to tracking you're only kidding yourself.

    Any smartphone is a G-Mans wet dream.

    Your privacy is a thing of the past.
     
  9. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #9
    Is that why NY and Cali have proposed bill to ban iPhones because of end-to-end encryption?

    Unlike Android, Apple devices and services have end-to-end encryption.
     
  10. maxsix Suspended

    maxsix

    Joined:
    Jun 28, 2015
    Location:
    Western Hemisphere
    #10
    Having used both Android and iOS concurrently and continually since they were created... I'm more than aware of the differences.

    Yes effective encryption has its advantages, but impenetrable iDevices are something I remain sceptical about.

    I'm also aware of the brilliant, highly successful strategy employed by Steve Jobs to convince anyone and everyone of the superiority of anything Apple. So successful in his endeavor, to this day Apple gets favorable treatment by a greater majority of writers, publications, electronic media etc.

    I like that warm and fuzzy feeling that peace of mind creates, as much as anyone, but my trust in Apple is a thing of the past.
     
  11. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #11
    Funny, i am also VERY familiar with Android. So, you should not assume much about me.

    Do you even know what end-to-end encryption is?! Lets start with basics. And it is this encryption that Andriod lacks.

    Then you add in that ONLY Apple has done privacy right for the Apple Watch.
     
  12. kdarling, Feb 7, 2016
    Last edited: Feb 7, 2016

    kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #12
    It's a scare mongering attempt. They're not talking about tracking someone by name. They mean looking for the same anonymous device.

    The primary "tracking" the report is talking about is simply watching for the same Bluetooth MAC address to show up. (The Apple Watch uses a negotiated BLE MAC, which changes, so it "won".)

    I suppose that a mythical advertiser with massive numbers of Bluetooth listening posts all over a city could ascertain that say, the same MAC showing up in a store is one that has been to a gym, and therefore... what? I dunno. You tell me. It's just an anonymous MAC address repeat with nothing to tie it to a way to send ads to you.

    Heck, if you really prefer not having a product that allows such mythical tracking, you'd better give up your iPhone, since it's constantly broadcasting its static cellular IMEI... and over MUCH greater distances than Bluetooth :)
    Apple devices only have end-to-end encryption if the parties are using the iMessage or Facetime apps between two iPhones.

    Likewise, people can easily use end-to-end encryption for the same kind of things between two Android phones by using the same encrypted app (or global encryption addon service). Samsung Galaxy with Knox even comes standard with such apps, NSA approved.

    Even better, of course, would be for iPhones and Android phones to use the same third party encryption app, so they can be secure talking even between brands. (If Apple made Facetime open source as they had originally promised, that would help.)
     
  13. redman042 macrumors 68020

    Joined:
    Jun 13, 2008
    #13
    I can buy things with my Apple Watch, so I'm very glad their products continue to impress independent testers. I'm never worried about security with my Apple devices, and that's a nice feeling.
     
  14. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #14
    True, end-to-end only with Apple services. But that is actually what matters! I don't need to rely on some 3rd party to properly do encryption on their end.

    Encrypted apps? Not everything is equal. See: https://www.eff.org/secure-messaging-scorecard

    Samsung...isn't that the same company that could not even encrypt the fingerprint data?! LOL Basic security 101.

    iOS also approved by NSA.

    Why would Apple make things open-source? Who does that anymore?! Hell, Google has abandoned open source for a few years now!! See: http://arstechnica.com/gadgets/2013...rolling-open-source-by-any-means-necessary/2/

    So, no thanks...Apple needs to keep their main services that require encryption within Apple's wall.
     
  15. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #15
    Most of the rest of us also often communicate with non-iPhone owners.

    iOS devices are only approved for sensitive but non-classified uses. Samsung devices are approved as a basis for more classified applications.

    Oh they wouldn't now. They only said it at the beginning so people would be okay with moving off cross-platform messaging apps. Then they reneged on their promise.
     
  16. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #16
    I don't know...armed forces and NSA approved iOS. Not sure what you're talking about.

    Hmm, it seems like Google/Android reneged BIG TIME on their whole philosophy, no?? Google today is not all that much different than iOS.

    I see that you remain silent on the other stuff i posted. I wonder why....
     
  17. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #17
    Exactly what I said. There are different levels and types of approval.

    You're just deflecting attention away from Apple :)

    If I agree (or at least don't disagree) with something, I usually don't waste space in a response.
     
  18. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #18
    And here i thought that we're talking about Apple Watch security...somehow Samsung Knox gets brought up by you.

    But, lets see...Knox did not secure fingerprint data too well. Just saying.

    Sorry, the ONLY phone that comes with end-to-end encryption (proven to work too) up and running as soon as you create passcode is iPhone.
     
  19. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #19
    Oh. Is this a contest? If so, look back. My post was in response to your off-topic post.

    That wasn't Knox. That was the insecure side with normal Android.

    It's highly doubtful that the Knox side would be allowed by security admins to be accessed via a fingerprint lock, since it's so easy to fool the sensors currently used by Apple and Samsung.

    I'm ex-MI.
     
  20. Thai macrumors 6502a

    Thai

    Joined:
    Feb 2, 2016
    Location:
    Colorado
    #20
    smh.
     

Share This Page