Monday, May 25, 2015

Bypass Apple Watch Passcode Lock Bug In Watch OS 1.0

According to reports attackers are able to bypass Apple Watch passcode lock. As wearable owners know that wrist-detection on the Apple Watch is supposed to ensure that it will ask for the passcode if removed from your wrist. But as it became known that a thief is able to hack Apple Watch without entering the passcode. As the result, they can pair the Watch with any other iPhone.

Activation Lock protects iPhones from attackers and thieves. It means that in case a thief performs a hard reset of the device, it cannot be reactivated again without the original owner’s Apple ID and password. Unfortunately, the Apple Watch doesn't have such protection, and does not require a passcode to wipe it.

Activation Lock was first introduced in iOS 7 and settled by default in iOS 8. It prevents an iOS device from being activated after being reset without first disabling Find My iPhone. It was a direct response to the alarming amount of iPhone thefts at the time: 25% in New York, 40% in San Francisco and 50% in London. The Apple Watch is theoretically protected by a passcode which has to be entered if the device is removed from your wrist, but an apparent bug let a hard reset be performed without it. And as the result allows thieves to bypass Apple Watch passcode lock.

Unfortunately, the Apple Watch doesn’t have the possibility to set its own dedicated Wi-Fi or cellular connection, so a proper Find My iPhone-like solution isn’t in the cards. Apple can make it in the way the device checks against the Apple ID of the last paired device, and requires the proper credentials before un-pairing with that device.


Post a Comment