This Apple Watch Flaw Will Make Thieves Smile: No Kill Switch!


Apple Watches are not quite as secure as it was previously believed. All it takes is a long press of the contacts button to untether an Apple Watch from a paired iPhone.

The Apple Watch's wrist-detection feature was supposed to serve as a theft deterrent. When the Apple Watch is removed from its owner's wrist, the smartwatch locks itself down and requires the user's pin code to continue using device.

However, unlike the iPhone, which is protected from hard resets via Activation Lock, the Apple Watch doesn't have a defense against a soft reboot. So after a hard reset, the Apple Watch can be paired to another iPhone with little effort.

With Activation Lock, resetting Apple devices needs the owner's credentials so that they can be reactivated. Knowing this has helped decrease theft of iPhones and ultimately lowered the frequency at which iPhone users are victimized.

The so called "kill switches," like Activation Lock, have been advocated by law enforcement officials. San Francisco District Attorney George Gascon was among the recent group of law enforcement officials who called for law mandating the implementation of kill switches to help deter the theft of mobile devices.

"The wireless industry continues to roll out sophisticated new features, but preventing their own customers from being the target of a violent crime is the coolest technology they can bring to market," said Gascon back in February of this year.

Apple's Activation Lock was introduced with iOS 7 to help cut down on the theft of iPhone. The feature, now turned on by default with iOS 8, has helped to cut iPhone theft in New York City by about 40 percent and by about 50 percent in San Francisco.

"We have made real progress in tackling the smartphone theft epidemic that was affecting many major cities just two years ago," said London Mayor Boris Johnson.

The absence of Activation lock was discovered by iDownloadBlog and demonstrated in a YouTube video; the flaw has since been verified by others. For users of Apple Pay, the mobile wallet can be disabled remotely via Find My Phone.

Check out a demonstration of the vulnerability in the video shown:

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics