Optical sensor big security flaw

Discussion in 'Apple Watch' started by furam90, May 11, 2015.

  1. furam90, May 11, 2015
    Last edited: May 11, 2015

    furam90 macrumors regular

    Joined:
    Jun 15, 2010
    #1
    So the watch is supposed to prompt your PIN once it breaks skin contact right?

    Well, I've been playing around with it and apparently theres a small gap between the time you take it off and when it locks.

    I've been able to successfully take off my watch and then just put my fingers underneath right after and it doesn't lock at all. As a matter of fact, it actually bugged it out to the point where it wouldn't lock again until I restarted the device. Try it out for yourself.

    I think this is kind of a big security flaw as it leaves the watch open to theft or unwanted access to your information, no?
     
  2. MartyCan macrumors 65816

    MartyCan

    Joined:
    Oct 31, 2012
    Location:
    Near Toronto, ON
    #2
    If your watch is stolen once it breaks contact with your phone it becomes kinda useless doesn't it?
     
  3. AFDoc macrumors 68030

    Joined:
    Jun 29, 2012
    Location:
    Colorado Springs USA for now
    #3
    The fact that it's a watch leaves it open to theft..... Not sure exactly what you're point is.

    IF you mean some one could "take over" your watch then sure, that may be a problem. However not every one will have the pass code feature on.... my wife doesn't.
     
  4. furam90, May 11, 2015
    Last edited: May 11, 2015

    furam90 thread starter macrumors regular

    Joined:
    Jun 15, 2010
    #4
    I think you can restore the device from the watch interface.

    https://support.apple.com/en-us/HT204567 <--Oddly enough the info on Apple's site is wrong, you can erase the device from your wrist, but not by the force touch it describes in the link above.

    It's an option in General->Settings

    ----------

    Well the idea is a would be thief would be deterred from stealing the watch because the watch wouldn't be able to be used if its protected by the PIN. IF there's no PIN, the thief can Erase and restore and use as his own.
     
  5. AFDoc macrumors 68030

    Joined:
    Jun 29, 2012
    Location:
    Colorado Springs USA for now
    #5
    You haven't dealt with many thieves in your life have you?
     
  6. furam90 thread starter macrumors regular

    Joined:
    Jun 15, 2010
    #6
    No, but I do know that thieves can be rational. iPhone theft is significantly down since the advent of Activation lock

    So the idea that Apple watch's lock-- its main security feature on something worn on your wrist-- is easily bypassable should be a big issue.
     
  7. MartyCan macrumors 65816

    MartyCan

    Joined:
    Oct 31, 2012
    Location:
    Near Toronto, ON
    #7
    What I mean is that a thief would not be able to use any personal info from the watch wothout it's connection to the iPhone it is paired with.

    I think that was the concern of the OP and for sure is a bigger issue than a stolen Watch unless it were an Edition.
     
  8. AFDoc macrumors 68030

    Joined:
    Jun 29, 2012
    Location:
    Colorado Springs USA for now
    #8
    Hard numbers showing thefts of iPhone down? You're probably talking about the story from Feb 11 of this year but where are they getting their numbers? "From officials in those cities"...... what officials? Police reports? PLUS that was in 3 cities studied..... no mention if thefts went up in other locations. Not saying it doesn't help but the fact that something can be pass locked doesn't mean it won't get stolen.
     
  9. alxz1194 macrumors member

    Joined:
    Sep 30, 2007
    #9
    Well what if the person has added CCs for use with Apple Pay? Of course you'd cancel the cards, but I imagine between the period its stolen and when you call, they'd be able to make purchases (even if you can later have the bank refund you)? This would kind of be a big security issue if it in fact doesn't lock when you do what the OP described
     
  10. xraydoc macrumors 604

    xraydoc

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #10
    If there wasn't this delay the watch could lock itself repeatedly during the day if it comes off your skin for a second, especially for those who wear the watch loosely.

    I would strongly suspect that the slight delay is by specific design.
     
  11. furam90 thread starter macrumors regular

    Joined:
    Jun 15, 2010
    #11
    I think they were from crime statistics based on police reports. 3 of the worlds biggest cities is a pretty big sample size. Of course a passlock doesn't prevent all theft but it can deter it.

    But it's not just theft, as you said before someone can take full control of the device and get all your information. Someone else in the thread mentioned apple pay via the CC on the watch. Didn't even think about that, that's a danger.

    I think if they sped up the lock just a bit it would be much more effective. Right now it's way too slow.
     
  12. zmunkz macrumors 6502a

    zmunkz

    Joined:
    Nov 4, 2007
    #12
    I am not fussed about the dealy, but this part you mentioned has me wondering. Can you elaborate how to reproduce this part?
     

Share This Page