Possible Apple Watch/Apple Pay Security Flaw Discovered

Discussion in 'Apple Watch News' started by Maura, May 21, 2015.

  1. Maura

    Maura Moderator Staff Member


    BGR writes today of a worrying new security flaw that has been discovered by a blogger that appears to enable thieves to use Apple Pay on a stolen Apple Watch without having to enter the original owner’s PIN code.

    The apparent vulnerability appears to be the result of the way in which the Apple Watch uses sensors to detect when the owner is wearing it, and thus eliminates the need to input the security code when the Watch is being worn, and also lets the user make payments with Apple Pay without having to input a PIN.


    When a Watch is removed from the wrist the sensors detect this and PIN security is enabled, and this is where the possible security flaw occurs, as there is a delay of around a second when the Watch is taken off the wrist before PIN security is re-enabled. Also, the sensors can’t tell the difference between a wrist and a finger, so a thief could, in theory, snatch a Watch from someone’s wrist, then cover the sensors so that PIN security remains disabled.

    As the video shows, it doesn’t work every time, but even so, it’s still a flaw that Apple will need to deal with quickly.

    Source: Apple Watch Security Flaw Thieves can continue to use Apple Pay BGR
     
  2. twerppoet

    twerppoet Well-Known Member

    I imagine that the slight delay is there so that if you choose not to wear the watch strapped to your wrist like a tourniquet, every little jostle doesn't lock the devices. It's not a security flaw. It's a deliberate choice about usability. Or probably so, in my opinion at least.

    Again, whether Apple needs to deal with this quickly, or at all, is going to depend on whether thieves start snatching watches from people's wrists. In this case, they need to be rather skillful snatchers, not simple club and grab thugs. You need to grab the watch quickly, precisely, and keep the sensor from activating the passcode lock all the way to the Apple Pay terminal.

    Could it be a threat? Sure. Will it? Who knows?
     