Thieves can steal your Apple Watch and shop with Apple Pay, but pulling it off could trouble a ninja master

Thieves can steal your Apple Watch and shop with Apple Pay, but pulling it off could trouble a ninja
WonderHowTo writers Nelson Aguilar and Neil Gonzalez have identified a small loophole in Apple Watch security, which could, very hypothetically, let somebody in possession of your device use it to make Apple Pay payments with your credit card data. In their own words, such an occasion "is highly unlikely, unless you're hanging out with magicians, pickpockets, or commute on crowded trains." Nevertheless, their discovery is an interesting and entertaining accomplishment that's worth taking a look at.

To keep things secure, the Apple Watch automatically locks itself exactly one second after it detects that it has been taken off your wrist. To do that, It uses the elaborate heart rate monitor on its back to sense the presence of skin. One second of no skin tickling the sensor, and the Watch sequesters itself until you put it back on and enter the passcode.

It probably sounds like a video game achievement, but if one manages to touch the back of the watch while taking it off your wrist, the sensors get lured and the Apple Watch thinks it's still on your wrist! Once it ends up on someone else's arm, unlocked, they are free to use all of its functionality that's independent of an iPhone connection, and that includes Apple Pay. In fact, Nelson managed to pay for an item with Neil's watch and credit card data, while Neil's iPhone was turned completely off. That was much easier than any of them expected to be.

It's pretty hard to fathom how Apple would go on about fixing this issue, considering the one second limit is implemented to leave headroom for spontaneous movements that separate the watch from skin in millisecond durations. The kind of movements that occur while running, for example. A smart-watch that constantly locks itself is a smart-watch nobody wants to wear, and Apple knows it, hence it could take delicate timing to tighten the limit, while leaving the sensor enough time to not get fooled by micro-movements.

For the time being, be especially careful with the Watch in crowded places. While it would be extremely hard to lift the watch off your wrist while simultaneously luring the sensors, it is not entirely impossible. Well, think of it as being just 99% impossible, rather than 100% impossible. However, if one falls asleep or is rendered unconscious in a public place, stealing the Watch unlocked does become a serious threat.

source: WonderHowTo
FCC OKs Cingular\'s purchase of AT&T Wireless