Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Optical sensor big security flaw

F

furam90

macrumors 6502
Original poster
Jun 15, 2010
251
230
So the watch is supposed to prompt your PIN once it breaks skin contact right?

Well, I've been playing around with it and apparently theres a small gap between the time you take it off and when it locks.

I've been able to successfully take off my watch and then just put my fingers underneath right after and it doesn't lock at all. As a matter of fact, it actually bugged it out to the point where it wouldn't lock again until I restarted the device. Try it out for yourself.

I think this is kind of a big security flaw as it leaves the watch open to theft or unwanted access to your information, no?
 
Last edited:
furam90 said:
So the watch is supposed to prompt your PIN once it breaks skin contact right?

Well, I've been playing around with it and apparently theres a small gap between the time you take it off and when it locks.

I've been able to successfully take off my watch and then just put my fingers underneath right after and it doesn't lock at all. As a matter of fact, it actually bugged it out to the point where it wouldn't lock again until I restarted the device. Try it out for yourself.

I think this is kind of a big security flaw as it leaves the watch open to theft, no?
Click to expand...
If your watch is stolen once it breaks contact with your phone it becomes kinda useless doesn't it?
 
The fact that it's a watch leaves it open to theft..... Not sure exactly what you're point is.

IF you mean some one could "take over" your watch then sure, that may be a problem. However not every one will have the pass code feature on.... my wife doesn't.
 
MartyCan said:
If your watch is stolen once it breaks contact with your phone it becomes kinda useless doesn't it?
Click to expand...

I think you can restore the device from the watch interface.

https://support.apple.com/en-us/HT204567 <--Oddly enough the info on Apple's site is wrong, you can erase the device from your wrist, but not by the force touch it describes in the link above.

It's an option in General->Settings

----------
AFDoc said:
The fact that it's a watch leaves it open to theft..... Not sure exactly what you're point is.

IF you mean some one could "take over" your watch then sure, that may be a problem. However not every one will have the pass code feature on.... my wife doesn't.
Click to expand...

Well the idea is a would be thief would be deterred from stealing the watch because the watch wouldn't be able to be used if its protected by the PIN. IF there's no PIN, the thief can Erase and restore and use as his own.
 
Last edited:
AFDoc said:
You haven't dealt with many thieves in your life have you?
Click to expand...

No, but I do know that thieves can be rational. iPhone theft is significantly down since the advent of Activation lock

Once a hot item for thieves and pickpockets, Apple's iPhone is becoming a significantly less attractive target as the company's Activation Lock prevents the devices from being easily wiped and re-sold, a new report indicates.

http://appleinsider.com/articles/15...thefts-down-40-in-san-fracisco-25-in-new-york
Click to expand...

So the idea that Apple watch's lock-- its main security feature on something worn on your wrist-- is easily bypassable should be a big issue.
 
  • Like
Reactions: jiehanzheng
What I mean is that a thief would not be able to use any personal info from the watch wothout it's connection to the iPhone it is paired with.

I think that was the concern of the OP and for sure is a bigger issue than a stolen Watch unless it were an Edition.
 
furam90 said:
No, but I do know that thieves can be rational. iPhone theft is significantly down since the advent of Activation lock



So the idea that Apple watch's lock-- its main security feature on something worn on your wrist-- is easily bypassable should be a big issue.
Click to expand...

Hard numbers showing thefts of iPhone down? You're probably talking about the story from Feb 11 of this year but where are they getting their numbers? "From officials in those cities"...... what officials? Police reports? PLUS that was in 3 cities studied..... no mention if thefts went up in other locations. Not saying it doesn't help but the fact that something can be pass locked doesn't mean it won't get stolen.
 
MartyCan said:
If your watch is stolen once it breaks contact with your phone it becomes kinda useless doesn't it?
Click to expand...

Well what if the person has added CCs for use with Apple Pay? Of course you'd cancel the cards, but I imagine between the period its stolen and when you call, they'd be able to make purchases (even if you can later have the bank refund you)? This would kind of be a big security issue if it in fact doesn't lock when you do what the OP described
 
furam90 said:
So the watch is supposed to prompt your PIN once it breaks skin contact right?

Well, I've been playing around with it and apparently theres a small gap between the time you take it off and when it locks.

I've been able to successfully take off my watch and then just put my fingers underneath right after and it doesn't lock at all. As a matter of fact, it actually bugged it out to the point where it wouldn't lock again until I restarted the device. Try it out for yourself.

I think this is kind of a big security flaw as it leaves the watch open to theft, no?
Click to expand...
If there wasn't this delay the watch could lock itself repeatedly during the day if it comes off your skin for a second, especially for those who wear the watch loosely.

I would strongly suspect that the slight delay is by specific design.
 
AFDoc said:
Hard numbers showing thefts of iPhone down? You're probably talking about the story from Feb 11 of this year but where are they getting their numbers? "From officials in those cities"...... what officials? Police reports? PLUS that was in 3 cities studied..... no mention if thefts went up in other locations. Not saying it doesn't help but the fact that something can be pass locked doesn't mean it won't get stolen.
Click to expand...

I think they were from crime statistics based on police reports. 3 of the worlds biggest cities is a pretty big sample size. Of course a passlock doesn't prevent all theft but it can deter it.

But it's not just theft, as you said before someone can take full control of the device and get all your information. Someone else in the thread mentioned apple pay via the CC on the watch. Didn't even think about that, that's a danger.

I think if they sped up the lock just a bit it would be much more effective. Right now it's way too slow.
 
furam90 said:
As a matter of fact, it actually bugged it out to the point where it wouldn't lock again until I restarted the device. Try it out for yourself.
Click to expand...

I am not fussed about the dealy, but this part you mentioned has me wondering. Can you elaborate how to reproduce this part?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back