Stolen Apple Watches Can Be Reset & Paired With Other iPhones Easily
A bug in Watch OS 1.0 of Apple Watch has been uncovered by a news blog that allows a thief to reset a stolen Apple Watch and pair it with another iPhone easily. iDownloadBlog discovered this vulnerability while resetting an Apple Watch. They found that the Apple Watch does not have an Activation Lock-like feature that is found on iPhone. The Activation Lock feature of the Apple iPhone prevents a thief from activating a stolen iPhone even if they have performed a hard reset on the smartphone. Reactivation of a stolen iPhone can only be done by entering the original owner’s Apple ID and password. The Apple Watch does not have a similar feature and this means when a thief performs a hard reset of the Apple Watch he/she can easily pair it with another iPhone using a different Apple ID.
The most worrying aspect of this vulnerability is the simplicity of execution. You long press the Favourite Contacts button until you get the power-off prompt then force touch the prompt to bring up another prompt that allows you to erase all contacts and settings of the Apple Watch and once you place it on the charger the work is done. All you have to do now is pair it with a different iPhone and you are free to use it. Since the Apple Watch does not have its own Wi-Fi or Cellular capabilities, you do not have a Find My iPhone-esqe feature that allows you to trace your stolen or misplaced Apple Watch.
However if you consider the privacy part, all is not lost. The thief won’t be able to get access to any of your data as he/she has to perform a reset on the watch and Apple has a safety feature that locks you Apple Watch with a passcode when it is removed from the wrist. At this point we would like to stress that fact that this hack can be carried out even when the Apple Watch is locked by a passcode. <a href="https://www.idownloadblog.com/2015/05/13/the-apple-watch-thieves-reset-no-activation-lock-security/" target="_blank" rel="nofollow noopener noreferrer">Watch OS 1.0 lacks the necessary security features to dissuade thieves</a> which first discovered this threat says that Apple could potentially address this problem by including adding a security feature that checks the last paired Apple ID before resetting the smartwatch. The claims of the aforementioned blog have also been verified by the folks at <a href="https://9to5mac.com/2015/05/14/bypass-apple-watch-passcode/" target="_blank" rel="nofollow noopener noreferrer">Thieves can bypass Apple Watch passcode to pair a stolen watch with their own phone - 9to5Mac</a>.
The most worrying aspect of this vulnerability is the simplicity of execution. You long press the Favourite Contacts button until you get the power-off prompt then force touch the prompt to bring up another prompt that allows you to erase all contacts and settings of the Apple Watch and once you place it on the charger the work is done. All you have to do now is pair it with a different iPhone and you are free to use it. Since the Apple Watch does not have its own Wi-Fi or Cellular capabilities, you do not have a Find My iPhone-esqe feature that allows you to trace your stolen or misplaced Apple Watch.
However if you consider the privacy part, all is not lost. The thief won’t be able to get access to any of your data as he/she has to perform a reset on the watch and Apple has a safety feature that locks you Apple Watch with a passcode when it is removed from the wrist. At this point we would like to stress that fact that this hack can be carried out even when the Apple Watch is locked by a passcode. <a href="https://www.idownloadblog.com/2015/05/13/the-apple-watch-thieves-reset-no-activation-lock-security/" target="_blank" rel="nofollow noopener noreferrer">Watch OS 1.0 lacks the necessary security features to dissuade thieves</a> which first discovered this threat says that Apple could potentially address this problem by including adding a security feature that checks the last paired Apple ID before resetting the smartwatch. The claims of the aforementioned blog have also been verified by the folks at <a href="https://9to5mac.com/2015/05/14/bypass-apple-watch-passcode/" target="_blank" rel="nofollow noopener noreferrer">Thieves can bypass Apple Watch passcode to pair a stolen watch with their own phone - 9to5Mac</a>.
0