It might have shipped late, with less functionality, cost more than a weekend in Paris, and be as useful as a chocolate teapot, but Apple’s iWatch is also collecting a reputation for having a security flaw so big it can suck small moons into its orbit.
The latest hole is that the Watch can be reset and paired with another phone within minutes – and without ever having to enter a passcode. Since the Watch doesn’t have its own GPS chip, once it’s lost or stolen it can’t be tracked.
The flaw was discovered by Jeff Benjamin from iDownloadBlog.
Pressing and holding the Watch’s power button presents an option to ‘Erase all content and settings’ and this appears even if a PIN hasn’t been entered.
Once the device is plugged into charge, it will confirm that the user wants to reset it and will wipe all of the data within seconds.
And after the device has been wiped, also known as a factory reset, it can be paired with another iPhone in the standard way. On the bonus side the “hack” will not mean that any data stored on the watch will end up in a thief’s hands.
They will also not be able to use Apple Pay without knowing the passcode of the Watch.
But once reset, they can use the Watch as if it were their own without being traced.
Still it is incredibly dumb of Apple to have a smart watch which is so easy to steal. Apple must have assumed that because the watch can’t go very far from its smartphone people were never going to lose it.