Is the Apple Watch secure? I've heard that it's a theft or mugging risk, but how hard would it be for a thief to reset the Apple Watch and sell it on?
Security is a big concern for many Apple Watch owners. If you're going to spend £300 or more on a new Apple device you don't want to lose it, or have it stolen. So just how secure is the Apple Watch, and how much of a challenge would it present to a thief?
We've been putting the Apple Watch to the test for a few days. There's the physical security inherent in a wearable device; then there's data loss, which for some people is more important than other factors. (As journalists we're privy to a few secrets, but nothing earth shattering, but some people work in jobs where losing data is a criminal offence.) Do Apple Watch owners need to worry, and what can they do to improve the device's security?
How secure is the Apple Watch?
First, let's talk a little about physical security. The Apple Watch sport model's band clasps around your wrist, clips on to a small metal stud and tucks through a hole in the strap. This is the most popular model, and it's surprisingly easy to remove - although it doesn't fall off no matter how much you fling it around.
Other Apple Watch straps use magnetic clasps or traditional buckles, and palming these off would call for tremendous skill from a potential pickpocket.
So much for the physical stage of theft. But a more important consideration is whether a thief can use the watch once it's stolen, and this depends on the passcode lock.
Apple Watch: Using a passcode lock
The Apple Watch interface is protected by a four-digit passcode that Apple heavily suggests you use during setup. (Alternatively, you can set a longer passcode, but this will be input on the iPhone rather than the Apple Watch.) You can skip the passcode, but we imagine most people will use one.
The passcode is requested when you first put the Apple Watch on, and the Apple Watch remains unlocked while you are wearing it. The sensors on the back of the Apple Watch detect when it is being worn, and use this as its cue to request a passcode, or allow you to continue as normal. Once you've removed the watch, it requests the passcode next time it wakes up.
Apple Watch sensor security flaw
Somebody recently discovered a flaw in the Apple's Watch 'no passcode while worn' system. If you take an Apple Watch off someone's wrist but keep your fingers on the rear of the device, then the Apple Watch thinks it's still being worn. You don't need to hold it in any particularly accurate or skillful way, either: just keep your fingers loosely around the rear of the Apple Watch and it won't request the passcode.
This is a concern by itself, but what made matters more serious was that selecting Settings > General > Reset > Erase All Contents and Settings would completely wipe the device, enabling a thief to easily sell it on.
Apple has fixed this latter flaw, although the ultra-security-conscious should know that it's still possible to briefly check the contents of the Apple Watch using the sensor trick - at least while they're still in range of your iPhone. Spies and civil servants might want to worry about the loss of any vital data on their smartwatch, but the rest of us don't really need to worry on this account.
Apple Watch passcode and the Watch OS 1.0.1 security update
Apple has issued a recent update to the Apple Watch that fixes the sensor security flaw. We updated to Watch OS 1.0.1 and tested it out. The Apple Watch now requests the four-digit passcode to perform a wipe & reset regardless of whether it's being worn or not.
Prior to the Watch OS 1.0.1 update we were able to remove an Apple Watch from somebody's wrist and reset it without knowing their passcode. We can't now repeat this trick.
Apple's clearly moving fast to prevent a "Watchgate'" incident from forming.
Is it possible to crack an Apple Watch passcode?
At the moment we know of no way to crack the four-digit Apple Passcode, although we imagine security experts are testing it. The Apple Watch does contain a hidden 6-pin diagnostic port underneath the strap. This may enable nefarious souls (or more likely, forensics experts) to connect to the device and crack the passcode.
See also: How to crack an iPhone passcode
As far as we know, there is no software available that can bypass the four-digit code on an Apple Watch, although it's only a matter of time. This software tends to be highly regulated and is hard to get hold of. Also, you have to be highly skilled to use it (it's not a common fate for stolen Apple devices to be hacked).
If you are particularly concerned then choose a 10-digit passcode. This will be much harder - practically impossible, even - for a cracker to get past once they have your Apple Watch.
Read our Apple Watch tutorials:
How to set up a new Apple Watch | How to use Siri on Apple Watch | How to use Digital Touch on Apple Watch | How to reply to a text on Apple Watch | How to answer a call on Apple Watch | How to change watch faces on Apple Watch | How to use the Music app on Apple Watch | How to use Maps on Apple Watch | How to use the Apple Watch Activity app | How to use the Apple Watch Workout app | How to take a screenshot on Apple Watch | How to make the Apple Watch a more accurate fitness tracker | How to manage Apple Watch notifications