
Crafty fingering could let Apple Watch thieves raid your bank account

Artful dodge nets access to linked credit cards

By Simon Rockman, 28 May 2015

Updated Deft watch thieves could circumvent the biometric security in an Apple Watch to empty your bank account.

The Apple Watch uses the heart rate monitor to tell when it has been taken off your wrist. This locks the watch so that you need to enter a PIN to use the watch again, but means you don’t have to enter a PIN every time you do want to use the watch.

Unfortunately the watch only polls the heart rate sensor once a second. This is fine in most circumstances, and it is necessary to keep the watch from locking itself, unless you want to keep the strap overtightened.

Unfortunately this opens up the way for a skilful prestidigitator to slide a finger under the sensor ahead of removing the watch and lift it without triggering the biometric lock. Website Gadgethacks (YouTube video) has demonstrated that this can, in turn, open the way to using the stolen Watch to buy things with Apple Pay.

The stolen sort-of-timepiece serves as a proxy for the mark’s contactless credit card even if it’s only the Watch which is stolen and not the phone to which it is paired. The Watch doesn’t check to make sure the phone is still around before yielding its token to the payment terminal.

Still, if you have your phone, you can at least call to switch off Apple Pay if your watch gets pocketed.

Update

We checked out the likelihood that a pickpocket could slide a finger under a watch while stealing it without the victim noticing. Martin Macmillan of Clerkenwell magic supplies shop International Magic said that, for a skilled entertainer, this would be no problem.

Stealing a watch, we're told, is all about holding the mark in the right way and applying pressure, and - more importantly - the release of pressure to create the correct distraction. He pointed us to a book, Professional Stage Pickpocket, so while Gadgethacks might maintain that the scenario is far-fetched, we believe otherwise. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing